π AWS Account Root User has active access keys π’ | 1 | π’ x6 |
π AWS EC2 Auto Scaling Group behind ELB assigns public IP to instances π’ | 1 | π’ x6 |
π AWS EC2 Auto Scaling Group Launch Template is not configured to require IMDSv2 π’ | 1 | π’ x6 |
π AWS EC2 Instance IMDSv2 is not enabled π’ | 1 | π’ x6 |
π AWS IAM Policy allows full administrative privileges π’ | 1 | π’ x6 |
π AWS IAM User has inline or directly attached policies π’ | 1 | π x1, π’ x5 |
π AWS IAM User with credentials unused for 45 days or more is not disabled π’ | 1 | π’ x6 |
π AWS RDS Snapshot is publicly accessible π’ | 1 | π’ x6 |
π AWS S3 Bucket is not configured to block public access π’ | 1 | π’ x6 |
π Google BigQuery Dataset is anonymously or publicly accessible π’ | 1 | π’ x6 |
π Google Cloud MySQL Instance Skip_show_database Database Flag is not set to on π’ | 1 | π’ x6 |
π Google Cloud SQL Instance External Authorized Networks do not whitelist all public IP addresses π’ | 1 | π’ x6 |
π Google Cloud SQL Instance has public IP addresses π’ | 1 | π’ x6 |
π Google Cloud SQL Server Instance cross db ownership chaining Database Flag is not set to off π’ | 1 | π’ x6 |
π Google GCE Instance has a public IP address π’ | 1 | π’ x6 |
π Google IAM Service Account has admin privileges π’ | 1 | π’ x6 |
π Google IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level π’ | 1 | π’ x6 |
π Google KMS Crypto Key is anonymously or publicly accessible π π’ | | π x1, π’ x3 |
π Google Logging Log Sink exports logs to a Storage Bucket without Bucket Lock π’ | 1 | π’ x6 |
π Google Storage Bucket is anonymously or publicly accessible π’ | 1 | π’ x6 |
π Google Storage Bucket Uniform Bucket-Level Access is not enabled π’ | 1 | π’ x6 |
π Google User has both Service Account Admin and Service Account User roles assigned π’ | 1 | π’ x6 |