Brute Force IAM Permissions
Brute force the IAM permissions of a user or role to see what you have access to.
Enumerate AWS Account ID from a Public S3 Bucket
Knowing only the name of a public S3 bucket, you can ascertain the account ID it resides in.
Enumerate Permissions without Logging to CloudTrail
Leverage a bug in the AWS API to enumerate permissions for a role without logging to CloudTrail and alerting the Blue Team.
Get Account ID from AWS Access Keys
During an assessment you may find AWS IAM credentials but not know what account they are associated with. Use this to get the account ID.
Unauthenticated Enumeration of IAM Users and Roles
Leverage cross account behaviors to enumerate IAM users and roles in a different AWS account without authentication.
Whoami - Get Principal Name From Keys
During an assessment you may find AWS IAM credentials. Use these tactics to identify the principal of the keys.