SkyArk – Helps To Discover, Assess And Secure The Most Privileged Entities In Azure And AWS

3. SkyArk includes more small sub-modules for playing around in the cloud security field
An example for such a sub-module is AWStrace module.
AWStrace – analyzes AWS CloudTrail Logs and can provide new valuable insights from CloudTrail logs.
It especially prioritizes risky sensitive IAM actions that potential attackers might use as part of their malicious actions as AWS Shadow Admins.
The module analyzes the log files and produces informative csv result file with important details on each executed action in the tested environment.
Security teams can use the results files to investigate sensitive actions, discover the entities that took those actions and reveal additional valuable details on each executed and logged action.

Quick Start
Take a look at the Readme files of the scanning modules:
AzureStealth – https://github.com/cyberark/SkyArk/blob/master/AzureStealth/README.md
AWStealth – https://github.com/cyberark/SkyArk/blob/master/AWStealth/README.md

Share Your Thoughts And Feedback
Asaf Hecht (@Hechtov) and CyberArk Labs
More coverage on the uprising Cloud Shadow Admins threat:
ThreatPost: https://threatpost.com/cloud-credentials-new-attack-surface-for-old-problem/131304/
TechTargetSearchCloudSecurity: https://searchcloudsecurity.techtarget.com/news/252439753/CyberArk-warns-of-shadow-admins-in-cloud-environments
SecurityBoulevard: https://securityboulevard.com/2018/05/cyberark-shows-how-shadow-admins-can-be-created-in-cloud-environments/
LastWatchDog: https://www.lastwatchdog.com/cyberark-shows-how-shadow-admins-can-be-created-in-cloud-environments/
Byron Acohido’s Podcast: https://soundcloud.com/byron-acohido/cloud-privileged-accounts-flaws-exposed