Carlos Polop
2025-02-14 16:42:49 +01:00
parent ccbbfaee00
commit 4df9252db4
2 changed files with 3 additions and 2 deletions

@@ -14,7 +14,7 @@ For more information about Macie check:
AWS Macie is a security service that automatically detects sensitive data within AWS environments, such as credentials, personally identifiable information (PII), and other confidential data. When Macie identifies a sensitive credential, such as an AWS secret key stored in an S3 bucket, it generates a finding that allows the owner to view a "sample" of the detected data. Typically, once the sensitive file is removed from the S3 bucket, it is expected that the secret can no longer be retrieved.
However, a **bypass** has been identified where an attacker with sufficient permissions can** re-upload a file with the same name** but containing different, non-sensitive dummy data. This causes Macie to associate the newly uploaded file with the original finding, allowing the attacker to use the **"Reveal Sample" feature** to extract the previously detected secret. This issue poses a significant security risk, as secrets that were assumed to be deleted remain retrievable through this method.
However, a **bypass** has been identified where an attacker with sufficient permissions can **re-upload a file with the same name** but containing different, non-sensitive dummy data. This causes Macie to associate the newly uploaded file with the original finding, allowing the attacker to use the **"Reveal Sample" feature** to extract the previously detected secret. This issue poses a significant security risk, as secrets that were assumed to be deleted remain retrievable through this method.
<img src="https://github.com/user-attachments/assets/c44228ae-12cd-41bd-9a04-57f503a63281" height="800" width="auto"/>
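Review bot: the bold-marker fix is correct; in the removed line the closing `**` was glued to `can` (`can** re-upload`), so Markdown rendered literal asterisks instead of bold text, and the added line puts the marker on the phrase it is meant to emphasise. While this file is open, the `<img>` context line that follows has no `alt` attribute, so the screenshot that documents the finding carries no description in text-only renders; suggest adding one, for example `<img src="..." alt="Macie finding with the Reveal Sample option" height="800" width="auto"/>`.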

@@ -140,4 +140,5 @@ TODO: PRs are welcome!
- [https://cloudacademy.com/blog/introducing-aws-security-hub/](https://cloudacademy.com/blog/introducing-aws-security-hub/)
{{#include ../../../../banners/hacktricks-training.md}}
{{#include ../../../banners/hacktricks-training.md}}
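Review bot: the include path now climbs three directories instead of four, which only resolves if this file sits exactly three levels below the parent of `banners/`; the file name is not shown in this render, so that cannot be confirmed from the hunk alone and should be checked against the other pages in the same directory. Separately, the hunk header `@@ -140,4 +140,5 @@` declares one more added line than the single `+` line visible here, so the remaining addition (most likely a trailing newline at end of file) is not displayed; confirm the file now ends with a newline so the mdBook `{{#include}}` directive is the last complete line.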