STS overview and attacks


  • Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a user.

  • A Python script leveraging Boto3 called aws_consoler can automatically generate AWS console credentials.

  • This works even if the user does not have console access configured!


2024-03-09 14:46:03,754 [aws_consoler.logic] WARNING: Creds still permanent, creating federated session.

Last updated