To access material, start machines and answer questions login.
An engineer creates an access key to run a deployment script. The script works, the project is deployed, and the key is forgotten, still active, never rotated, saved in a config file somewhere.
If the key is leaked, an attacker would have persistent, long-lived access to the environment.
This is one of the most common credential hygiene misconfigurations in .
Learning Objectives
- Learn how to use the credentials report to audit access keys
- Identify stale or unused access keys
- Rotate access keys, deactivate, and delete obsolete keys
- Enable and enforce on users
- Understand why and how to use temporary credentials
Prerequisites
- Being able to set up your environment (First Steps Into room)
- Basic commands ( Fundamentals room)
- Have a basic understanding of the service (Introduction to room)
Remember, remember! The forgotten key, treason and plot.
Ready to learn Cyber Security?
The The Forgotten Access Key room is only available for Premium or Max subscribers. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in
