Attack Path Categories
The following list details the categories of attack paths that Panoptica identifies.
- Administrator access compromise - which includes any risk to an identity with admin access (AdministratorAccess policy / actions: + resource: ).
- Data exposure - includes any risk to high permissions (other than admin) on storage resources.
- Privilege escalation - includes any risk to high permissions (other than admin) on other resources (not storage).
- Neglected resource - an attacker with access to a group can expose and exfiltrate protected data in the account by using the attached risky data permissions.
- Subdomain takeover - an attacker can take over a subdomain. If an attacker takes over the domain, they can potentially read cookies, perform cross-site scripting, serve malicious content, and more.
- Vulnerable public workload - an attacker with network access to an unencrypted resource can gain full access to the resource and its permissions
- Cross-account - An attacker with access to another account can lead to resource compromise.
Unlike other categories, an attack path can be in the cross-account category AND another category - meaning that some Attack Paths will have two categories. The display name in this case will be: “{regular category name} from another account”.
For example, this attack path appears if you filter for the “Data exposure” category AND the “Cross-account” category.
Updated 5 months ago