Abusing AWS Organizations Default Configurations for Lateral Movement in Multi-Account Environments
Summary
This article explains how AWS Organizations' default multi-account architecture can be abused by penetration testers and red teamers for lateral movement and privilege escalation. It covers the default configuration where the management account has significant control over member accounts, and demonstrates techniques for pivoting between accounts once initial access is gained. The article serves as a security research resource for offensive security professionals.
Key quotes
Almost all mid-to-large sized AWS environments make use of multi-account architecture.
Using multiple AWS accounts offers a number of benefits and is considered a best practice.
To help organize and manage those accounts, AWS offers a service called AWS Organizations.
Due to the ubiquity of AWS Organizations, it is important for Penetration Testers and Red Teamers to familiarize themselves with its default configuration.
When an account creates an organization it becomes the management account of that organization.