Skip to content

Commit

Permalink
Add references to docs and fix line feeds (#409)
Browse files Browse the repository at this point in the history
* Add reference to IAM user create profile attack technique

* Add Permiso reference to create IAM user technique

* Fix line feed

* Fix line feed

* Fix line feed

* Update main.go
  • Loading branch information
christophetd authored Sep 14, 2023
1 parent 0c8ed58 commit 4d9b504
Show file tree
Hide file tree
Showing 5 changed files with 6 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ Detonation:
- Create an IAM access key on the user.
References:
- https://sysdig.com/blog/scarleteel-2-0/
`,
Detection: `
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ Detonation:
References:
- https://permiso.io/blog/s/approach-to-detection-androxgh0st-greenbot-persistence/
- https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor/
- https://blog.darklab.hk/2021/07/06/trouble-in-paradise/
- https://expel.com/blog/incident-report-from-cli-to-console-chasing-an-attacker-in-aws/
`,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,9 @@ Detonation:
- Create an IAM Login Profile on the user
References:
- https://permiso.io/blog/s/approach-to-detection-androxgh0st-greenbot-persistence/
- https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor/
- https://blog.darklab.hk/2021/07/06/trouble-in-paradise/
- https://expel.com/blog/incident-report-from-cli-to-console-chasing-an-attacker-in-aws/
`,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ Detonation:
- Update the Lambda function code.
References:
- https://research.splunk.com/cloud/aws_lambda_updatefunctioncode/
- Expel's AWS security mindmap
`,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ Detonation:
- Update the current GCP project's IAM policy to bind the service account to the <code>owner</code> role'
References:
- https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/
`,
Detection: `
Expand Down

0 comments on commit 4d9b504

Please sign in to comment.