Add article: obfuscated admin IAM policies using action wildcards #502

Open
raajheshkannaa wants to merge 1 commit into Hacking-the-Cloud:main from raajheshkannaa:feat/obfuscated-admin-policy

@raajheshkannaa
Contributor

Closes #419

Summary

  • New article covering IAM policy obfuscation techniques that grant admin-equivalent access while evading name-based detections
  • Techniques: service-action wildcard split (*:*), single-char wildcards on service names (?am:*), partial action wildcards, multi-statement broad wildcards, inline policy abuse
  • Includes detection guidance using IAM Access Analyzer, CloudTrail, and SimulatePrincipalPolicy
  • mkdocs build passes cleanly

Test plan

  • Article renders correctly with mkdocs
  • All example policies are syntactically valid JSON
  • Detection section provides actionable guidance

Covers wildcard-based IAM policy obfuscation techniques that grant
admin-equivalent access while evading name-based policy detections.
Includes detection guidance and example policies.

Fixes Hacking-the-Cloud#419
@raajheshkannaa force-pushed the feat/obfuscated-admin-policy branch from 0765966 to bc51321 on March 24, 2026 20:41
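
An added example, not part of the pull request or the article it proposes: a Python check that classifies a policy by what its action patterns expand to rather than by its name, covering the wildcard forms listed in the summary (`*:*`, `?am:*`, partial action wildcards, multi-statement wildcards). The probe list, function names and sample policies are constructed assumptions; the matcher treats `*` and `?` as globs over the whole `service:action` string and ignores `Deny`, `NotAction` and `Condition`, so `SimulatePrincipalPolicy` remains the authoritative check.

```python
import re

# Constructed probe set (assumption): a spread of high-impact actions.
PROBES = ["iam:CreateUser", "iam:AttachUserPolicy", "iam:PutUserPolicy",
          "sts:AssumeRole", "s3:GetObject", "ec2:RunInstances",
          "lambda:CreateFunction", "kms:Decrypt"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern):
    # Only * and ? are wildcards; every other character is literal.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, re.IGNORECASE)

def allowed_probes(policy):
    """Union of probe actions that Allow statements grant on Resource "*"."""
    hits = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue
        for pattern in _as_list(stmt["Action"]):
            rx = _glob(pattern)
            hits.update(a for a in PROBES if rx.fullmatch(a))
    return hits

def classify(policy):
    hits = allowed_probes(policy)
    if hits == set(PROBES):
        return "admin-equivalent"
    if {a for a in PROBES if a.startswith("iam:")} <= hits:
        return "iam-escalation"
    return "ok"

def _policy(*action_lists):
    # Helper for the constructed samples below: one Allow statement per list.
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": a, "Resource": "*"} for a in action_lists]}

SAMPLES = {
    "split": _policy("*:*"),
    "single_char": _policy("?am:*"),
    "multi_stmt": _policy(["i*:*", "s*:*"], ["e*:*", "l*:*", "k*:*"]),
    "partial": _policy(["iam:Create*", "iam:Attach*", "iam:Put*"]),
    "scoped": _policy(["s3:Get*", "s3:List*"]),
}
```

Because hits are unioned across statements, a policy that spreads broad wildcards over several statements is classified the same as a single `*:*` grant.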

Development

Successfully merging this pull request may close these issues.

Obfuscated Admin Policy

1 participant