GITBOOK-702: No subject
carlospolop authored and gitbook-bot committed Nov 14, 2024
1 parent 99680f3 commit fdead96
Showing 1 changed file with 3 additions and 22 deletions.
@@ -17,23 +17,6 @@ Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2).png"

## EventBridge Scheduler

EventBridge Scheduler can be used for privilege escalation by scheduling calls to various AWS services. By leveraging its ability to invoke services on a scheduled basis, users with sufficient permissions can escalate privileges. Here are some of the key actions EventBridge Scheduler can trigger using templated targets:

* Lambda: lambda:InvokeFunction - Invoke Lambda functions on a schedule.
* CodeBuild: codebuild:StartBuild - Start AWS CodeBuild projects.
* CodePipeline: codepipeline:StartPipelineExecution - Trigger AWS CodePipeline executions.
* ECS: ecs:RunTask - Run ECS tasks.
* EventBridge: events:PutEvents - Put events into EventBridge.
* Inspector: inspector:StartAssessmentRun - Start Amazon Inspector assessments.
* Kinesis: kinesis:PutRecord - Put records into Kinesis streams.
* Firehose: firehose:PutRecord - Put records into Firehose delivery streams.
* SageMaker: sagemaker:StartPipelineExecution - Start SageMaker pipeline executions.
* SNS: sns:Publish - Publish messages to SNS topics.
* SQS: sqs:SendMessage - Send messages to SQS queues.
* Step Functions: states:StartExecution - Start executions of AWS Step Functions.

These are just some of the templated actions EventBridge Scheduler can perform. However, by using universal targets, many other actions across AWS services can be invoked. Universal targets allow for more extensive API operations beyond the templated list.

More info EventBridge Scheduler in:

{% content-ref url="../aws-services/eventbridgescheduler-enum.md" %}
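Review bot: Deleting the whole explanation of templated and universal targets (the intro paragraph, the twelve templated-target bullets and the universal-targets paragraph) leaves the rest of this section using both terms without ever defining them: the surviving lines still say a Lambda invocation "is a templated action" and then contrast it with "universal targets". If the goal is to stop duplicating the enumeration page, the remaining content-ref to ../aws-services/eventbridgescheduler-enum.md now has to carry that weight, so confirm that page defines both target types; otherwise keep a one-sentence definition here, e.g. that templated targets cover a fixed set of actions such as lambda:InvokeFunction while universal targets can call almost any AWS API.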
@@ -42,11 +25,9 @@ More info EventBridge Scheduler in:

### `iam:PassRole`, (`scheduler:CreateSchedule` | `scheduler:UpdateSchedule`)

Users with `sts:AssumeRole`, `iam:PassRole`, and `scheduler:CreateSchedule or scheduler:UpdateSchedule` permissions can escalate privileges by leveraging the EventBridge Scheduler to invoke services using a role with higher privileges.

With these permissions, an attacker can assume a role with elevated privileges and pass that role to EventBridge Scheduler when creating or updating a schedule. The schedule can be configured to perform any of the actions listed previously, such as invoking Lambda functions, starting ECS tasks, triggering CodePipeline executions, or any operation of the 270 AWS services supported by EventBridge Scheduler. By scheduling these actions, an attacker could abuse higher privileges to perform unauthorized operations across AWS services. \\
An attacker with those permissions will be able to **`create`|`update` an scheduler and abuse the permissions of the scheduler role** attached to it to perform any action

For example, they could configure the schedule to invoke a Lambda function which is a templated action:
For example, they could configure the schedule to **invoke a Lambda function** which is a templated action:

```bash
aws scheduler create-schedule \
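Review bot: The added sentence "An attacker with those permissions will be able to create|update an scheduler and abuse the permissions of the scheduler role attached to it to perform any action" has grammar problems and no full stop: "an scheduler" should be "a schedule" (scheduler:CreateSchedule creates a schedule, not a scheduler) and "create|update" reads better as "create or update". It also replaces the deleted prose that spelled out the prerequisites (the old line named sts:AssumeRole, which the heading does not list), so "those permissions" now points only at the heading; that is acceptable if the heading is the source of truth, but say which role is meant, i.e. the execution role passed with iam:PassRole. Suggested wording: "An attacker with those permissions will be able to **create or update a schedule and abuse the permissions of the execution role** passed to it to perform any action that role allows."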
@@ -59,7 +40,7 @@ aws scheduler create-schedule \
}'
```

In addition to templated service actions, you can use universal targets in EventBridge Scheduler to invoke a wide range of API operations for many AWS services. Universal targets offer flexibility to invoke almost any API. One example can be using universal targets adding "AdminAccessPolicy", using a role that has "putRolePolicy" policy:
In addition to templated service actions, you can use **universal targets** in EventBridge Scheduler to invoke a wide range of API operations for many AWS services. Universal targets offer flexibility to invoke almost any API. One example can be using universal targets adding "**AdminAccessPolicy**", using a role that has "**putRolePolicy**" policy:

```bash
aws scheduler create-schedule \
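Review bot: The edited sentence only bolds "AdminAccessPolicy" and "putRolePolicy" while keeping the mis-named permission: the IAM action is iam:PutRolePolicy (an API action, not a "policy"), and "AdminAccessPolicy" is the name of the inline policy being attached to a role, which the sentence does not make clear; "One example can be using universal targets adding" is also awkward. Since the line is being touched anyway, suggest: "One example is using a universal target to call iam:PutRolePolicy and attach an inline policy named "AdminAccessPolicy" to a role, which requires the scheduler's execution role to have iam:PutRolePolicy:".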