
Investigating Privesc Methods in AWS

Senior Security Consultant Gerben Kleijn created and documented exploit scenarios for 21 AWS privilege escalation methods to fully understand the vulnerabilities introduced by certain AWS permissions.

Explore Amazon Web Services (AWS) Privilege Escalation in Depth With Tried-and-Tested Methods

Recreate these privesc techniques in your own environment.

In 2018, Spencer Gietzen wrote an excellent article on privilege escalation in AWS, identifying 21 separate methods across various AWS services. Pen testers often use Spencer’s article on engagements to try to find privilege escalation paths in client environments. Some of the escalation techniques identified by Spencer require in-depth knowledge of specific services, or are part of a multi-step process. But what are the prerequisites and limitations? What does the escalation path actually look like in practice?

To answer these questions, Gerben Kleijn, a senior security consultant at Bishop Fox, took it upon himself to test Spencer’s methods. He created the exploit scenarios for each of the 21 techniques in his own AWS environment and verified that one can escalate privileges with all of them. These exercises can be very helpful to fully understand the vulnerabilities introduced by certain AWS permissions. Gerben also sorted these 21 methods into five larger categories and developed a cheat sheet to help remember the overall privesc threats to AWS.


Go Deeper

Dive into our technical blogs to learn more.

Well, That Escalated Quickly

An in-depth walkthrough of the exploit scenarios for each of the 21 techniques for escalating privileges in an AWS environment.


Escalator to the Cloud: 5 Privesc Attack Vectors in AWS

In reviewing the 21 methods across various AWS services that could lead to privilege escalation, Gerben Kleijn found that the techniques can be sorted into five rough categories. This article discusses those categories at a high level, and what to look out for in each category if you’re the one setting up user permissions.



Lead Researcher

Gerben Kleijn

Gerben Kleijn (OSCP, CISSP) is a Senior Security Consultant for Bishop Fox, where he primarily focuses on external network penetration tests and web application assessments, as well as cloud deployment reviews for Amazon Web Services (AWS). He has advised Fortune 500 brands and startups in industries such as media, retail, and software in addition to popular websites, credit reporting agencies, and marketing platforms.

LinkedIn: https://www.linkedin.com/in/ge...
