AWS - Control Tower Post Exploitation

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Control Tower

AWS - Control Tower Enum

Enable / Disable Controls

To further exploit an account, you might need to disable/enable Control Tower controls:

aws controltower disable-control --control-identifier <arn_control_id> --target-identifier <arn_account>
aws controltower enable-control --control-identifier <arn_control_id> --target-identifier <arn_account>

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAWS Codebuild - Token Leakage NextAWS - DLM Post Exploitation

Last updated 7 days ago