From 4f3f4b4a9353cf22536ccfd81ec39c84253ea2fc Mon Sep 17 00:00:00 2001 From: Nick Frichette Date: Sat, 22 Jan 2022 18:58:06 -0600 Subject: [PATCH] Address #108: Add AWS Consoler permissions --- content/aws/post_exploitation/aws_consoler.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/aws/post_exploitation/aws_consoler.md b/content/aws/post_exploitation/aws_consoler.md index 6271fc4..d2b97fd 100644 --- a/content/aws/post_exploitation/aws_consoler.md +++ b/content/aws/post_exploitation/aws_consoler.md @@ -7,6 +7,8 @@ description: "Leverage stolen credentials to use the AWS Console." Original Research: [Ian Williams](https://blog.netspi.com/gaining-aws-console-access-via-api-keys/) Link to Tool: [GitHub](https://github.com/NetSPI/aws_consoler) +__Required IAM Permissions__: sts:GetFederationToken OR sts:AssumeRole. + When performing an AWS assessment you will likely encounter IAM Credentials. Traditionally, the majority of these that you would find would only be usable from the AWS CLI. Using a tool called [AWS Consoler](https://github.com/NetSPI/aws_consoler) you can create links that will allow you to access the AWS Console. In this example we will walk through gathering credentials and using those credentials along with Consoler to generate a Console link. First, we need to gather valid IAM credentials. These are typically found a number of different ways. In this example, we have shell access to an EC2 instance with an attached role and we will curl the metadata service to access them.
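Review bot: The added `__Required IAM Permissions__` line lists sts:GetFederationToken OR sts:AssumeRole without saying when each one applies, while the walkthrough in the context lines directly below starts from role credentials taken from the EC2 metadata service. Suggest stating the condition for each permission (for example, which one is needed for IAM user keys and which for role session credentials), so a reader can tell which permission matters for the case the page demonstrates and a defender knows which action to restrict or monitor. As a style point, wrap the two action names in backticks so the trailing period is not read as part of `sts:AssumeRole`, and match the unbolded "Label: value" form used by the "Original Research:" and "Link to Tool:" lines above it.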