Jun 30, 2026
Turning iam:PassRole Into Account Takeover
A realistic AWS privilege-escalation path: from a scoped, read-mostly IAM role to full administrator by abusing iam:PassRole and a compute service — with the enumeration tradecraft, the exploit chain, the CloudTrail trail it leaves, and the controls that actually stop it.
10 min read
