From 3f8aa12ce9332570fc04679fc85b6f26196d74df Mon Sep 17 00:00:00 2001 From: Ben <93559326+AI-redteam@users.noreply.github.com> Date: Thu, 23 Oct 2025 16:26:48 -0500 Subject: [PATCH] Update README to specify Airflow DAG permissions Clarified that all Airflow DAGs run with the execution role's permissions. --- .../aws-post-exploitation/aws-mwaa-post-exploitation/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-mwaa-post-exploitation/README.md b/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-mwaa-post-exploitation/README.md index e8f5cbbc6..624dbf86a 100644 --- a/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-mwaa-post-exploitation/README.md +++ b/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-mwaa-post-exploitation/README.md @@ -27,7 +27,7 @@ Documentation Verifying Vuln and Acknowledging Vectorr: [AWS Documentation](http ## Exploitation -All DAGs run with the execution role's permissions. DAGs are Python scripts that can execute arbitrary code - they can use `yum` or `curl` to install tools, download malicious scripts, or import any Python library. DAGs are pulled from an assigned S3 folder and run on schedule automatically, all an attacker needs is ability to PUT to that bucket path. +All Airflow DAGs run with the execution role's permissions. DAGs are Python scripts that can execute arbitrary code - they can use `yum` or `curl` to install tools, download malicious scripts, or import any Python library. DAGs are pulled from an assigned S3 folder and run on schedule automatically, all an attacker needs is ability to PUT to that bucket path. Anyone who can write DAGs (typically most users in MWAA environments) can abuse this permission:
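Review bot: the `+` line in the single hunk still carries the comma splice and the missing article that the `-` line had, so since this change is already touching that sentence it should also fix its ending: `DAGs are pulled from an assigned S3 folder and run on schedule automatically; all an attacker needs is the ability to PUT to that bucket path.` The bare hyphen after `arbitrary code` in the same line reads as an improvised dash; a colon there is clearer. The added word `Airflow` is fine and matches the MWAA subject of the README, so no objection to the substance. Two follow-ups outside the changed line: the `@@` context line shows `Acknowledging Vectorr`, which looks like a typo for `Vector`, and the paragraph could state the defensive corollary that its own last sentence implies, namely that restricting who can PUT to that DAG prefix restricts who can get code run under the execution role.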