Tag: Link

  • RE: Hacking Terraform State for Privilege Escalation

    by

    in

    An interesting attack vector which uses empty terraform providers and a modified state file to execute code! There’s lots to be excited about as a red teamer and scared of as a blue teamer, but at the top of the list is that the attack does not require a “terraform apply”. Even if the human reviewing…