Attack paths are toxic combinations of risks in your environment. By chaining these risks together, an attacker may execute an exploit.

Some components of an attack path may include

  • Publicly facing assets: an attacker may get initial access to your environment through publicly exposed VMs, containers, or serverless functions.
  • 3rd party identities: Adversaries may attack external 3rd party entities to whom you have given privileges in your account.
  • Admin or high privileged principals: A takeover of these IAM principals may lead to data access or account takeover.
  • Privilege escalations: Certain combinations of privileges (e.g. iam:PassRole and ec2:RunInstances) may allow an attacker to subtly escalate their priveleges within your account. More details about privilege escalations can be found here.

ZeusCloud attack paths include