Product
low
advisory
AWS CloudShell Environment Creation Detection
2 rules 2 TTPsDetection of AWS CloudShell environment creation can indicate unauthorized command execution within AWS by an adversary leveraging a compromised console session to interact with AWS services.
AWS CloudShell
aws
cloudshell
execution
initial-access
2r
2t
medium
advisory
AWS IAM Operations via Compromised CloudShell
2 rules 4 TTPsCompromised AWS console sessions can lead to attackers performing sensitive IAM operations via CloudShell to establish persistence or escalate privileges.
AWS CloudShell +2
cloudshell
aws
iam
persistence
privilege-escalation
2r
4t
low
advisory
AWS CloudShell Environment Created
2 rules 1 TTPThe creation of a new AWS CloudShell environment is detected, potentially indicating unauthorized access for command execution within AWS by adversaries without needing local CLI credentials.
AWS CloudShell
cloud
aws
cloudshell
2r
1t