Talk

Pruning Garden Paths in AWS

March 19, 13:30 (CLOUD)

AWS attack path graphing aims to map exploitable relationships between resources as a way of identifying hidden risks. Unlike on-premises graphing solutions such as BloodHound, cloud graphing requires a different approach, one suited to the AWS permissions model and its thousands of resource types.

Contemporary AWS graphing solutions typically fall short in one or more of three ways: 1) they create paths based on naive identity policy analysis, 2) they cover only a narrow range of resource types, and 3) they provide only a single round of analysis.

In this talk we will present novel approaches for extensible data collection, relationship building and re-building, and analysis. The approach centers on giving human operators tools to contribute to larger pathfinding operations and on using local policy simulation to evaluate complex permission contexts.
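To illustrate why naive identity policy analysis produces false edges, here is an added example (not the speaker's tool or code) with a deliberately simplified local policy simulator: it honours explicit Deny statements and a permissions boundary, which a check that only looks for an Allow statement ignores. The policies, the account ID and the role names are constructed sample data.

```python
import fnmatch

# Constructed sample data: an identity policy that appears to grant iam:PassRole
# broadly, an explicit Deny for one role, and a permissions boundary that never
# allows iam:PassRole at all.
IDENTITY = {"Statement": [
    {"Effect": "Allow", "Action": ["iam:PassRole", "lambda:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::123456789012:role/Admin"},
]}
BOUNDARY = {"Statement": [{"Effect": "Allow", "Action": "lambda:*", "Resource": "*"}]}


def _matches(patterns, value, fold=False):
    """IAM-style wildcard match ('*', '?'); actions compare case-insensitively."""
    pats = patterns if isinstance(patterns, list) else [patterns]
    if fold:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in pats)
    return any(fnmatch.fnmatchcase(value, p) for p in pats)


def _effects(policy, action, resource):
    """Yield the Effect of every statement whose Action and Resource match."""
    for stmt in policy.get("Statement", []):
        if (_matches(stmt.get("Action", []), action, fold=True)
                and _matches(stmt.get("Resource", []), resource)):
            yield stmt["Effect"]


def naive_allowed(identity_policy, action, resource):
    """The shortcut many graphers take: any matching Allow creates an edge."""
    return "Allow" in _effects(identity_policy, action, resource)


def simulate(identity_policy, action, resource, boundary=None):
    """Simplified evaluation order: explicit Deny wins, then the permissions
    boundary must allow, then an identity Allow is required. (Real IAM also
    weighs resource policies, SCPs and session policies; omitted here.)"""
    effects = list(_effects(identity_policy, action, resource))
    if "Deny" in effects:
        return False
    if boundary is not None and "Allow" not in _effects(boundary, action, resource):
        return False
    return "Allow" in effects


def prune_edges(identity_policy, candidates, boundary=None):
    """Return (naive_edges, simulated_edges) for a list of (action, resource)
    pairs so a graph builder can see which candidate edges were pruned."""
    naive = [c for c in candidates if naive_allowed(identity_policy, *c)]
    kept = [c for c in candidates if simulate(identity_policy, *c, boundary=boundary)]
    return naive, kept
```

Running `prune_edges(IDENTITY, [...], boundary=BOUNDARY)` over PassRole and Lambda candidates shows the PassRole edges surviving the naive check but not the simulation.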

We will also cover a new, open-source tool implementing these approaches that can assist cloud practitioners in graphing and analyzing their AWS environments.

Speaker

Evan Perotti

Evan Perotti is a Principal Scientist at Security Risk Advisors. He focuses on research and development, primarily within the offensive security space. His specialties include AWS security, Windows endpoint security, and purple teaming.
