stsgetfederatedtoken

This commit is contained in:
JaimePolop
2025-09-29 17:14:00 +02:00
parent 19024e5a7c
commit e153dc47b0
2 changed files with 12 additions and 23 deletions

@@ -100,6 +100,18 @@ client.meta.events.register( 'before-call.secretsmanager.GetSecretValue', lambda
response = client.get_secret_value(SecretId="flag_secret") print(response['SecretString'])
```
### **`sts:GetFederationToken`**
With this permission it's possible to create a federated identity for the user executing it, limited to the permissions that this user has.
```bash
aws sts get-federation-token --name <username>
```
The token returned by sts:GetFederationToken belongs to the federated identity of the calling user, but with restricted permissions. Even if the user has administrator rights, certain actions such as listing IAM users or attaching policies cannot be performed through the federated token.
Additionally, this method is somewhat more stealthy, since the federated user does not appear in the AWS console (IAM portal), it can only be observed through CloudTrail logs or monitoring tools.
{{#include ../../../banners/hacktricks-training.md}}
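Review bot: the description and the command in this hunk disagree on permissions. The text says the federated identity is "limited to the permissions that this user has", but `aws sts get-federation-token --name <username>` is shown with no session policy, and AWS documents GetFederationToken such that a federated session created without any session policy (`--policy` / `--policy-arns`) has no permissions at all; when a policy is passed, the effective permissions are the intersection of the caller's IAM policies and that session policy. Either state which session policy is passed or reword the sentence so it matches the command. Also, "certain actions such as listing IAM users or attaching policies cannot be performed" understates the documented limit: federated-user credentials cannot call any IAM API operation and no STS operation except GetCallerIdentity, which is worth stating plainly since it is the same limitation a defender would expect to see reflected in CloudTrail (the GetFederationToken call itself and the subsequent calls under the federated user name).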