About IAM Vulnerable
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
This much-needed tool for the infosec industry fills an industry void and helps practitioners to level up their skills from beginner to expert at their own pace.
IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit vulnerable IAM configurations that allow for privilege escalation.
Currently supported privilege escalation paths: 31
Seth Art (OSCP) is a Senior Security Consultant at Bishop Fox, where he currently focuses on penetration testing cloud environments, Kubernetes clusters, and traditional internal networks.
Seth is the author of multiple open-source projects including IAM Vulnerable, Bad Pods, celeryStalk, and PyCodeInjection, has presented at security conferences, including DerbyCon and BSidesDC, published multiple CVEs, and is the founder of IthacaSec, a security meetup in upstate NY.
IAM Vulnerable Research