Attack Path Categories

The following list details the categories of attack paths that Panoptica identifies. See Attack Path Analysis for more information about attack paths.

  • Administrator access compromise - includes any risk to an identity with admin access (AdministratorAccess policy / actions: * + resource: *).
  • Cross-account - an attacker with access to another account, which can lead to resource compromise.
    Unlike other categories, an attack path can be in the cross-account category AND another category, meaning that some attack paths will have two categories. The display name in this case will be: “{regular category name} from another account”.
    For example, this attack path appears if you filter for the “Data exposure” category AND the “Cross-account” category.
  • Data exposure - includes any risk to high permissions (other than admin) on storage resources.
  • Insecure configuration - a setup or deployment that is not properly hardened or secured, potentially exposing the system to vulnerabilities and risks.
  • Malware infected - indicates that malicious software has infiltrated your resources.
  • Privilege escalation - includes any risk to high permissions (other than admin) on other resources (not storage).
  • Neglected resource - an attacker with access to a group can expose and exfiltrate protected data in the account by using the attached risky data permissions.
  • Secrets exposure - the unintended disclosure of sensitive information, such as API keys, passwords, tokens, private encryption keys, or other credentials that are used to authenticate and authorize access to various cloud services and resources.
  • Subdomain takeover - an attacker can take over a subdomain. If an attacker takes over the domain, they can potentially read cookies, perform cross-site scripting, serve malicious content, and more.
  • Vulnerable public workload - an attacker with network access to an unencrypted resource can gain full access to the resource and its permissions.