aws-penetration-testing
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Provides explicit instructions to grant 'AdministratorAccess' to the user, either by attaching IAM policies or by updating Lambda function code to perform these actions.
- [COMMAND_EXECUTION]: Contains a dedicated section on 'Covering Tracks' which details how to delete or disable AWS CloudTrail trails to avoid detection during an attack.
- [CREDENTIALS_UNSAFE]: Outlines methods to extract temporary and permanent AWS credentials from the Instance Metadata Service (IMDS), environment variables, and container metadata endpoints.
- [DATA_EXFILTRATION]: Describes workflows for stealing sensitive data by creating snapshots of EBS volumes from other accounts/instances and mounting them to access file systems, as well as techniques for syncing S3 buckets.
- [EXTERNAL_DOWNLOADS]: Recommends the installation and execution of numerous third-party offensive security tools from various GitHub repositories, which can introduce unverified code into the environment.
Recommendations
- AI detected serious security threats
Audit Metadata