Add article: enumerate AWS metadata via IAM condition keys #505

Open
raajheshkannaa wants to merge 1 commit into Hacking-the-Cloud:main from raajheshkannaa:feat/conditional-love-enumeration

@raajheshkannaa
Contributor

Closes #478

Covers the conditional-love technique by Daniel Grzelak (Plerion) that generalizes Ben Bridts' S3 account ID enumeration to multiple AWS services and condition types.

  • Explains the IAM condition key oracle technique (StringLike + wildcards)
  • Documents what can be enumerated: account IDs, org IDs, org paths, tag values
  • Lists supported services (S3, Lambda URLs, API Gateway, STS, SQS, Data Exchange)
  • Includes usage example for the conditional-love tool
  • Covers security implications and mitigations

Placed under AWS > Enumeration alongside the existing account_id_from_s3_bucket.md article.

Covers the conditional-love technique by Daniel Grzelak (Plerion) that
generalizes Ben Bridts' S3 account ID enumeration to multiple services
and condition types including org IDs and resource tags.

Closes Hacking-the-Cloud#478

@raajheshkannaa force-pushed the feat/conditional-love-enumeration branch from b69a4ed to 78e9817 on May 7, 2026 02:22

Development

Successfully merging this pull request may close these issues.

https://github.com/plerionhq/conditional-love