STS

STS overview and attacks

sts:GetFederationToken

  • Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a user.

  • aws_consoler, a Python script built on Boto3, can automatically generate AWS console credentials.

  • This works even if the user does not have console access configured!

aws_consoler

2024-03-09 14:46:03,754 [aws_consoler.logic] WARNING: Creds still permanent, creating federated session.
https://signin.aws.amazon.com/federation?Action=login&Issuer=consoler.local&Destina
[snip]
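
A defender-side check for the behaviour described above, as an added example that is not from the original page or from aws_consoler: it pairs CloudTrail GetFederationToken calls made with IAM user keys with the ConsoleLogin events that follow as the resulting federated user. The sample records are constructed and simplified, and the function name find_federated_console_logins is hypothetical.

```python
import json

# Constructed, simplified CloudTrail records (sample data, not real logs).
SAMPLE_EVENTS = json.loads("""[
 {"eventTime": "2024-03-09T14:46:03Z", "eventSource": "sts.amazonaws.com",
  "eventName": "GetFederationToken", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "IAMUser", "userName": "svc-backup",
                   "accessKeyId": "AKIAEXAMPLEEXAMPLE00"},
  "requestParameters": {"name": "svc-backup"},
  "responseElements": {"federatedUser": {
      "arn": "arn:aws:sts::111122223333:federated-user/svc-backup"}}},
 {"eventTime": "2024-03-09T14:46:20Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "FederatedUser",
                   "arn": "arn:aws:sts::111122223333:federated-user/svc-backup"}},
 {"eventTime": "2024-03-09T15:02:11Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
  "userIdentity": {"type": "IAMUser", "userName": "alice"}}
]""")

def find_federated_console_logins(events):
    """Pair each GetFederationToken call made with IAM user keys with later
    ConsoleLogin events performed as the federated user it created."""
    issued = {}    # federated-user ARN -> the GetFederationToken event
    findings = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        ident = ev.get("userIdentity", {})
        if (ev["eventSource"] == "sts.amazonaws.com"
                and ev["eventName"] == "GetFederationToken"
                and ident.get("type") == "IAMUser"):
            arn = (ev.get("responseElements") or {}).get("federatedUser", {}).get("arn")
            if arn:  # failed calls carry no responseElements
                issued[arn] = ev
        elif (ev["eventSource"] == "signin.amazonaws.com"
                and ev["eventName"] == "ConsoleLogin"
                and ident.get("type") == "FederatedUser"
                and ident.get("arn") in issued):
            src = issued[ident["arn"]]
            findings.append({
                "iam_user": src["userIdentity"]["userName"],
                "access_key_id": src["userIdentity"]["accessKeyId"],
                "federated_arn": ident["arn"],
                "token_time": src["eventTime"],
                "login_time": ev["eventTime"],
            })
    return findings

if __name__ == "__main__":
    for f in find_federated_console_logins(SAMPLE_EVENTS):
        print(json.dumps(f))
```

A finding for an IAM user that has no console access configured (for example a service account) is the case the notes above describe and is worth triaging first.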
