cloud-aksk-exploit
Audited by Socket on Apr 22, 2026
3 alerts found:
Malware x3
This fragment is an explicit, end-to-end AWS intrusion and persistence playbook. It includes concrete steps to enumerate IAM privileges, exfiltrate secrets/configs (Secrets Manager, SSM decryption, Lambda env vars, S3 downloads), take over resources (S3/EC2/Lambda), escalate privileges (wildcard admin IAM policies, PassRole/AssumeRole, Lambda redeployment), and create durable backdoor access (new admin IAM users and access keys). Treat as highly malicious supply-chain risk content rather than legitimate code.
High-confidence malicious cloud abuse/intrusion playbook. It provides actionable steps to enumerate permissions, exfiltrate data from COS, upload a server-side payload, take over CVM credentials, extract SCF environment secrets, enumerate KMS keys, and establish persistent admin-level access by creating CAM sub-accounts and generating AK/SK with AdministratorAccess. This content should be treated as hostile and not part of any legitimate software supply chain.
MALICIOUS. The skill’s footprint is fully aligned with hostile cloud-account compromise after credential theft: it uses leaked AK/SK to enumerate permissions, exfiltrate data, escalate privileges, seize resources, and establish persistence. Install provenance of the CLIs appears mostly official, but that does not reduce the core issue that this is an offensive exploit skill for real-world unauthorized actions.