[{"data":1,"prerenderedAt":1451},["ShallowReactive",2],{"\u002F2026\u002Faws-cloudgoat-iam-enum-basics-cozumu\u002F":3,"surround-\u002F2026\u002Faws-cloudgoat-iam-enum-basics-cozumu":1445},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"updated":10,"image":11,"categories":12,"tags":14,"draft":6,"readingTime":19,"body":24,"_type":1438,"_id":1439,"_source":1440,"_file":1441,"_stem":1442,"_extension":1443,"_original_dir":1444},"\u002F2026\u002Faws-cloudgoat-iam-enum-basics-cozumu","2026",false,"","CloudGoat iam_enum_basics Çözümü: Sadece ReadOnly ile AWS Nasıl Ele Geçirilir?","Sadece ReadOnly yetkileriyle AWS hesabı ele geçirilebilir mi? CloudGoat iam_enum_basics senaryosunun 5 gizli bayraklı adım adım Türkçe çözüm rehberi.","2026-06-02T10:50:32.000Z","https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-cloudgoat-iam-enum-basics-cozumu\u002Fthumbnail.jpg",[13],"Cloud",[15,16,17,18],"AWS","Security","CloudGoat","IAM",{"text":20,"minutes":21,"time":22,"words":23},"5 min read",4.61,276600,922,{"type":25,"children":26,"toc":1424},"root",[27,45,67,109,113,120,125,485,488,494,523,558,571,576,582,595,627,648,652,658,663,718,723,738,775,779,839,843,875,881,886,893,934,938,974,1023,1027,1033,1072,1076,1111,1152,1156,1184,1190,1211,1260,1288,1308,1312,1318,1335,1344,1358,1364,1369,1375,1418],{"type":28,"tag":29,"props":30,"children":31},"element","p",{},[32,35,43],{"type":33,"value":34},"text","AWS sızma testlerinde ve bulut güvenliği analizlerinde ilk karşılaşılan alanlardan biri IAM (Identity and Access Management) yapılandırmalarıdır. 
",{"type":28,"tag":36,"props":37,"children":40},"badge",{"link":38,"icon":39},"https:\u002F\u002Fgithub.com\u002FRhinoSecurityLabs\u002Fcloudgoat","ri:github-fill",[41],{"type":33,"value":42},"Rhino Security Labs",{"type":33,"value":44}," tarafından geliştirilen CloudGoat, bu yapılandırmalardaki güvenlik açıklarını analiz etmek için tasarlanmış bir laboratuvar ortamı sunar.",{"type":28,"tag":29,"props":46,"children":47},{},[48,50,57,59,65],{"type":33,"value":49},"Bu yazıda, CloudGoat bünyesindeki ",{"type":28,"tag":51,"props":52,"children":54},"code",{"className":53},[],[55],{"type":33,"value":56},"iam_enum_basics",{"type":33,"value":58}," senaryosunu ele alacağız. Amacımız, sınırlı yetkilere sahip ",{"type":28,"tag":51,"props":60,"children":62},{"className":61},[],[63],{"type":33,"value":64},"Bob",{"type":33,"value":66}," kullanıcısı ile AWS hesabı üzerinde keşif (enumeration) yapmak ve sistem mimarisine gizlenmiş 5 adet bayrağı (flag) tespit etmektir.",{"type":28,"tag":68,"props":69,"children":72},"alert",{"title":70,"type":71},"Key Takeaways","info",[73],{"type":28,"tag":74,"props":75,"children":76},"ul",{},[77,89,99],{"type":28,"tag":78,"props":79,"children":80},"li",{},[81,87],{"type":28,"tag":82,"props":83,"children":84},"strong",{},[85],{"type":33,"value":86},"Sızma Testinde Altın Kural:",{"type":33,"value":88}," IAM keşiflerinde satır içi (inline) ve yönetilen (managed) politikalar mutlaka ayrı ayrı listelenmeli ve sürüm geçmişleri kontrol edilmelidir.",{"type":28,"tag":78,"props":90,"children":91},{},[92,97],{"type":28,"tag":82,"props":93,"children":94},{},[95],{"type":33,"value":96},"Bilgi Sızıntısı (Information Leakage):",{"type":33,"value":98}," Sadece okuma yetkiniz olsa bile, IAM grup yolları (paths) veya kaynak tanımları kritik veriler sızdırabilir.",{"type":28,"tag":78,"props":100,"children":101},{},[102,107],{"type":28,"tag":82,"props":103,"children":104},{},[105],{"type":33,"value":106},"Yanal Hareket (Lateral Movement):",{"type":33,"value":108}," 
Roller arasındaki güven ilişkileri (Trust Policies) dikkatlice analiz edilerek dikey veya yatay yetki yükseltme yolları aranmalıdır.",{"type":28,"tag":110,"props":111,"children":112},"hr",{},[],{"type":28,"tag":114,"props":115,"children":117},"h2",{"id":116},"senaryo-mimarisi-ve-keşif-haritası",[118],{"type":33,"value":119},"Senaryo Mimarisi ve Keşif Haritası",{"type":28,"tag":29,"props":121,"children":122},{},[123],{"type":33,"value":124},"Bob kullanıcısının sahip olduğu sınırlı yetkilerle başlayıp AWS IAM bileşenlerini keşfederek 5 adet gizli bayrağa (flag) ulaşma yollarını gösteren mimari harita aşağıdaki gibidir:",{"type":28,"tag":126,"props":127,"children":131},"pre",{"className":128,"code":129,"language":130,"meta":7,"style":7},"language-mermaid shiki shiki-themes catppuccin-latte one-dark-pro","graph TD\n    %% CSS Sınıfları ve Renk Paleti\n    classDef bobClass fill:#ff7675,stroke:#d63031,stroke-width:2px,color:#fff;\n    classDef flagClass fill:#2ecc71,stroke:#27ae60,stroke-width:2px,color:#fff;\n    classDef iamClass fill:#74b9ff,stroke:#0984e3,stroke-width:1px,color:#fff;\n    classDef s3Class fill:#ffeaa7,stroke:#fdcb6e,stroke-width:1px,color:#2d3436;\n\n    Bob[\"Bob (cg-bob)\u003Cbr\u002F>Başlangıç IAM Kullanıcısı\"]:::bobClass\n    \n    subgraph Keşif Hedefleri [\"IAM Keşif (Enumeration) Hedefleri\"]\n        Group[\"cg-flag3-group\u003Cbr\u002F>(IAM Grubu)\"]:::iamClass\n        Role[\"cg-flag4-role\u003Cbr\u002F>(IAM Rolü)\"]:::iamClass\n        ManagedPolicy[\"cg-flag1-managed-policy\u003Cbr\u002F>(Yönetilen Politika)\"]:::iamClass\n        InlinePolicy[\"cg-flag2-inline-policy\u003Cbr\u002F>(Satır İçi Politika)\"]:::iamClass\n    end\n\n    subgraph Elde Edilen Bayraklar [\"Elde Edilen 5 Bayrak (Flag)\"]\n        Flag1[\"Bayrak 1\u003Cbr\u002F>HSM{m4n4g3d_p0l1cy_m4st3r}\u003Cbr\u002F>(Politika Açıklamasında)\"]:::flagClass\n        Flag2[\"Bayrak 2\u003Cbr\u002F>HSM1nl1n3p0l1cyd1sc0v3r3d\u003Cbr\u002F>(Inline Politika Statement 
ID'de)\"]:::flagClass\n        Flag3[\"Bayrak 3\u003Cbr\u002F>HSM_gr0up_m3mb3rsh1p_f0und\u003Cbr\u002F>(Grup Meta-veri Yolunda)\"]:::flagClass\n        Flag4[\"Bayrak 4\u003Cbr\u002F>HSM-r0l3_trus1_f0und-FLAG\u003Cbr\u002F>(Rol Etiketlerinde - Tags)\"]:::flagClass\n        Flag5[\"Bayrak 5\u003Cbr\u002F>HSM{s3cr3t_js0n_str1ng}\u003Cbr\u002F>(S3 Kova İsmi\u002FARN'inde)\"]:::flagClass\n    end\n\n    S3Bucket[\"S3 Kova Kaynağı\u003Cbr\u002F>arn:aws:s3:::HSM{s3cr3t_js0n_str1ng}\"]:::s3Class\n\n    %% Keşif Bağlantıları\n    Bob -->|\"list-attached-user-policies\"| ManagedPolicy\n    Bob -->|\"list-user-policies\"| InlinePolicy\n    Bob -->|\"list-groups\"| Group\n    Bob -->|\"list-roles\"| Role\n    \n    %% Bayrak Çıkarma Bağlantıları\n    ManagedPolicy -->|\"get-policy\"| Flag1\n    InlinePolicy -->|\"get-user-policy\"| Flag2\n    Group -->|\".Path Değeri\"| Flag3\n    Role -->|\".Tags Değeri\"| Flag4\n    ManagedPolicy -->|\"get-policy-version (v1)\"| S3Bucket\n    S3Bucket -->|\"Kova Adı Bayraktır\"| Flag5\n","mermaid",[132],{"type":28,"tag":51,"props":133,"children":134},{"__ignoreMap":7},[135,147,156,165,174,183,192,202,211,220,229,238,247,256,265,274,282,291,300,309,318,327,336,344,352,361,369,378,387,396,405,414,422,431,440,449,458,467,476],{"type":28,"tag":136,"props":137,"children":140},"span",{"class":138,"line":139},"line",1,[141],{"type":28,"tag":136,"props":142,"children":144},{"style":143},"--shiki-default:#4C4F69;--shiki-dark:#ABB2BF",[145],{"type":33,"value":146},"graph TD\n",{"type":28,"tag":136,"props":148,"children":150},{"class":138,"line":149},2,[151],{"type":28,"tag":136,"props":152,"children":153},{"style":143},[154],{"type":33,"value":155},"    %% CSS Sınıfları ve Renk Paleti\n",{"type":28,"tag":136,"props":157,"children":159},{"class":138,"line":158},3,[160],{"type":28,"tag":136,"props":161,"children":162},{"style":143},[163],{"type":33,"value":164},"    classDef bobClass 
fill:#ff7675,stroke:#d63031,stroke-width:2px,color:#fff;\n",{"type":28,"tag":136,"props":166,"children":168},{"class":138,"line":167},4,[169],{"type":28,"tag":136,"props":170,"children":171},{"style":143},[172],{"type":33,"value":173},"    classDef flagClass fill:#2ecc71,stroke:#27ae60,stroke-width:2px,color:#fff;\n",{"type":28,"tag":136,"props":175,"children":177},{"class":138,"line":176},5,[178],{"type":28,"tag":136,"props":179,"children":180},{"style":143},[181],{"type":33,"value":182},"    classDef iamClass fill:#74b9ff,stroke:#0984e3,stroke-width:1px,color:#fff;\n",{"type":28,"tag":136,"props":184,"children":186},{"class":138,"line":185},6,[187],{"type":28,"tag":136,"props":188,"children":189},{"style":143},[190],{"type":33,"value":191},"    classDef s3Class fill:#ffeaa7,stroke:#fdcb6e,stroke-width:1px,color:#2d3436;\n",{"type":28,"tag":136,"props":193,"children":195},{"class":138,"line":194},7,[196],{"type":28,"tag":136,"props":197,"children":199},{"emptyLinePlaceholder":198},true,[200],{"type":33,"value":201},"\n",{"type":28,"tag":136,"props":203,"children":205},{"class":138,"line":204},8,[206],{"type":28,"tag":136,"props":207,"children":208},{"style":143},[209],{"type":33,"value":210},"    Bob[\"Bob (cg-bob)\u003Cbr\u002F>Başlangıç IAM Kullanıcısı\"]:::bobClass\n",{"type":28,"tag":136,"props":212,"children":214},{"class":138,"line":213},9,[215],{"type":28,"tag":136,"props":216,"children":217},{"style":143},[218],{"type":33,"value":219},"    \n",{"type":28,"tag":136,"props":221,"children":223},{"class":138,"line":222},10,[224],{"type":28,"tag":136,"props":225,"children":226},{"style":143},[227],{"type":33,"value":228},"    subgraph Keşif Hedefleri [\"IAM Keşif (Enumeration) Hedefleri\"]\n",{"type":28,"tag":136,"props":230,"children":232},{"class":138,"line":231},11,[233],{"type":28,"tag":136,"props":234,"children":235},{"style":143},[236],{"type":33,"value":237},"        Group[\"cg-flag3-group\u003Cbr\u002F>(IAM 
Grubu)\"]:::iamClass\n",{"type":28,"tag":136,"props":239,"children":241},{"class":138,"line":240},12,[242],{"type":28,"tag":136,"props":243,"children":244},{"style":143},[245],{"type":33,"value":246},"        Role[\"cg-flag4-role\u003Cbr\u002F>(IAM Rolü)\"]:::iamClass\n",{"type":28,"tag":136,"props":248,"children":250},{"class":138,"line":249},13,[251],{"type":28,"tag":136,"props":252,"children":253},{"style":143},[254],{"type":33,"value":255},"        ManagedPolicy[\"cg-flag1-managed-policy\u003Cbr\u002F>(Yönetilen Politika)\"]:::iamClass\n",{"type":28,"tag":136,"props":257,"children":259},{"class":138,"line":258},14,[260],{"type":28,"tag":136,"props":261,"children":262},{"style":143},[263],{"type":33,"value":264},"        InlinePolicy[\"cg-flag2-inline-policy\u003Cbr\u002F>(Satır İçi Politika)\"]:::iamClass\n",{"type":28,"tag":136,"props":266,"children":268},{"class":138,"line":267},15,[269],{"type":28,"tag":136,"props":270,"children":271},{"style":143},[272],{"type":33,"value":273},"    end\n",{"type":28,"tag":136,"props":275,"children":277},{"class":138,"line":276},16,[278],{"type":28,"tag":136,"props":279,"children":280},{"emptyLinePlaceholder":198},[281],{"type":33,"value":201},{"type":28,"tag":136,"props":283,"children":285},{"class":138,"line":284},17,[286],{"type":28,"tag":136,"props":287,"children":288},{"style":143},[289],{"type":33,"value":290},"    subgraph Elde Edilen Bayraklar [\"Elde Edilen 5 Bayrak (Flag)\"]\n",{"type":28,"tag":136,"props":292,"children":294},{"class":138,"line":293},18,[295],{"type":28,"tag":136,"props":296,"children":297},{"style":143},[298],{"type":33,"value":299},"        Flag1[\"Bayrak 1\u003Cbr\u002F>HSM{m4n4g3d_p0l1cy_m4st3r}\u003Cbr\u002F>(Politika Açıklamasında)\"]:::flagClass\n",{"type":28,"tag":136,"props":301,"children":303},{"class":138,"line":302},19,[304],{"type":28,"tag":136,"props":305,"children":306},{"style":143},[307],{"type":33,"value":308},"        Flag2[\"Bayrak 
2\u003Cbr\u002F>HSM1nl1n3p0l1cyd1sc0v3r3d\u003Cbr\u002F>(Inline Politika Statement ID'de)\"]:::flagClass\n",{"type":28,"tag":136,"props":310,"children":312},{"class":138,"line":311},20,[313],{"type":28,"tag":136,"props":314,"children":315},{"style":143},[316],{"type":33,"value":317},"        Flag3[\"Bayrak 3\u003Cbr\u002F>HSM_gr0up_m3mb3rsh1p_f0und\u003Cbr\u002F>(Grup Meta-veri Yolunda)\"]:::flagClass\n",{"type":28,"tag":136,"props":319,"children":321},{"class":138,"line":320},21,[322],{"type":28,"tag":136,"props":323,"children":324},{"style":143},[325],{"type":33,"value":326},"        Flag4[\"Bayrak 4\u003Cbr\u002F>HSM-r0l3_trus1_f0und-FLAG\u003Cbr\u002F>(Rol Etiketlerinde - Tags)\"]:::flagClass\n",{"type":28,"tag":136,"props":328,"children":330},{"class":138,"line":329},22,[331],{"type":28,"tag":136,"props":332,"children":333},{"style":143},[334],{"type":33,"value":335},"        Flag5[\"Bayrak 5\u003Cbr\u002F>HSM{s3cr3t_js0n_str1ng}\u003Cbr\u002F>(S3 Kova İsmi\u002FARN'inde)\"]:::flagClass\n",{"type":28,"tag":136,"props":337,"children":339},{"class":138,"line":338},23,[340],{"type":28,"tag":136,"props":341,"children":342},{"style":143},[343],{"type":33,"value":273},{"type":28,"tag":136,"props":345,"children":347},{"class":138,"line":346},24,[348],{"type":28,"tag":136,"props":349,"children":350},{"emptyLinePlaceholder":198},[351],{"type":33,"value":201},{"type":28,"tag":136,"props":353,"children":355},{"class":138,"line":354},25,[356],{"type":28,"tag":136,"props":357,"children":358},{"style":143},[359],{"type":33,"value":360},"    S3Bucket[\"S3 Kova 
Kaynağı\u003Cbr\u002F>arn:aws:s3:::HSM{s3cr3t_js0n_str1ng}\"]:::s3Class\n",{"type":28,"tag":136,"props":362,"children":364},{"class":138,"line":363},26,[365],{"type":28,"tag":136,"props":366,"children":367},{"emptyLinePlaceholder":198},[368],{"type":33,"value":201},{"type":28,"tag":136,"props":370,"children":372},{"class":138,"line":371},27,[373],{"type":28,"tag":136,"props":374,"children":375},{"style":143},[376],{"type":33,"value":377},"    %% Keşif Bağlantıları\n",{"type":28,"tag":136,"props":379,"children":381},{"class":138,"line":380},28,[382],{"type":28,"tag":136,"props":383,"children":384},{"style":143},[385],{"type":33,"value":386},"    Bob -->|\"list-attached-user-policies\"| ManagedPolicy\n",{"type":28,"tag":136,"props":388,"children":390},{"class":138,"line":389},29,[391],{"type":28,"tag":136,"props":392,"children":393},{"style":143},[394],{"type":33,"value":395},"    Bob -->|\"list-user-policies\"| InlinePolicy\n",{"type":28,"tag":136,"props":397,"children":399},{"class":138,"line":398},30,[400],{"type":28,"tag":136,"props":401,"children":402},{"style":143},[403],{"type":33,"value":404},"    Bob -->|\"list-groups\"| Group\n",{"type":28,"tag":136,"props":406,"children":408},{"class":138,"line":407},31,[409],{"type":28,"tag":136,"props":410,"children":411},{"style":143},[412],{"type":33,"value":413},"    Bob -->|\"list-roles\"| Role\n",{"type":28,"tag":136,"props":415,"children":417},{"class":138,"line":416},32,[418],{"type":28,"tag":136,"props":419,"children":420},{"style":143},[421],{"type":33,"value":219},{"type":28,"tag":136,"props":423,"children":425},{"class":138,"line":424},33,[426],{"type":28,"tag":136,"props":427,"children":428},{"style":143},[429],{"type":33,"value":430},"    %% Bayrak Çıkarma Bağlantıları\n",{"type":28,"tag":136,"props":432,"children":434},{"class":138,"line":433},34,[435],{"type":28,"tag":136,"props":436,"children":437},{"style":143},[438],{"type":33,"value":439},"    ManagedPolicy -->|\"get-policy\"| 
Flag1\n",{"type":28,"tag":136,"props":441,"children":443},{"class":138,"line":442},35,[444],{"type":28,"tag":136,"props":445,"children":446},{"style":143},[447],{"type":33,"value":448},"    InlinePolicy -->|\"get-user-policy\"| Flag2\n",{"type":28,"tag":136,"props":450,"children":452},{"class":138,"line":451},36,[453],{"type":28,"tag":136,"props":454,"children":455},{"style":143},[456],{"type":33,"value":457},"    Group -->|\".Path Değeri\"| Flag3\n",{"type":28,"tag":136,"props":459,"children":461},{"class":138,"line":460},37,[462],{"type":28,"tag":136,"props":463,"children":464},{"style":143},[465],{"type":33,"value":466},"    Role -->|\".Tags Değeri\"| Flag4\n",{"type":28,"tag":136,"props":468,"children":470},{"class":138,"line":469},38,[471],{"type":28,"tag":136,"props":472,"children":473},{"style":143},[474],{"type":33,"value":475},"    ManagedPolicy -->|\"get-policy-version (v1)\"| S3Bucket\n",{"type":28,"tag":136,"props":477,"children":479},{"class":138,"line":478},39,[480],{"type":28,"tag":136,"props":481,"children":482},{"style":143},[483],{"type":33,"value":484},"    S3Bucket -->|\"Kova Adı Bayraktır\"| Flag5\n",{"type":28,"tag":110,"props":486,"children":487},{},[],{"type":28,"tag":114,"props":489,"children":491},{"id":490},"adım-1-bobun-kimlik-kartını-oluşturmak",[492],{"type":33,"value":493},"Adım 1: Bob'un Kimlik Kartını Oluşturmak",{"type":28,"tag":29,"props":495,"children":496},{},[497,499,505,507,513,515,521],{"type":33,"value":498},"AWS sızma testlerinde ilk adım yerel ortamı yapılandırmaktır. 
CloudGoat'un sağladığı ",{"type":28,"tag":51,"props":500,"children":502},{"className":501},[],[503],{"type":33,"value":504},"Access Key ID",{"type":33,"value":506}," ve ",{"type":28,"tag":51,"props":508,"children":510},{"className":509},[],[511],{"type":33,"value":512},"Secret Access Key",{"type":33,"value":514}," bilgilerini kullanarak yerel ortamda ",{"type":28,"tag":51,"props":516,"children":518},{"className":517},[],[519],{"type":33,"value":520},"bob",{"type":33,"value":522}," adında izole bir AWS CLI profili tanımlıyoruz.",{"type":28,"tag":126,"props":524,"children":528},{"className":525,"code":526,"language":527,"meta":7,"style":7},"language-bash shiki shiki-themes catppuccin-latte one-dark-pro","aws configure --profile bob\n","bash",[529],{"type":28,"tag":51,"props":530,"children":531},{"__ignoreMap":7},[532],{"type":28,"tag":136,"props":533,"children":534},{"class":138,"line":139},[535,541,547,553],{"type":28,"tag":136,"props":536,"children":538},{"style":537},"--shiki-default:#1E66F5;--shiki-default-font-style:italic;--shiki-dark:#61AFEF;--shiki-dark-font-style:inherit",[539],{"type":33,"value":540},"aws",{"type":28,"tag":136,"props":542,"children":544},{"style":543},"--shiki-default:#40A02B;--shiki-dark:#98C379",[545],{"type":33,"value":546}," configure",{"type":28,"tag":136,"props":548,"children":550},{"style":549},"--shiki-default:#40A02B;--shiki-dark:#D19A66",[551],{"type":33,"value":552}," --profile",{"type":28,"tag":136,"props":554,"children":555},{"style":543},[556],{"type":33,"value":557}," bob\n",{"type":28,"tag":29,"props":559,"children":560},{},[561,563,569],{"type":33,"value":562},"Komutu çalıştırdıktan sonra AWS CLI üzerinden Access Key ve Secret Access Key bilgilerini tanımlıyoruz. 
Varsayılan bölge (Default region) olarak ",{"type":28,"tag":51,"props":564,"children":566},{"className":565},[],[567],{"type":33,"value":568},"us-east-1",{"type":33,"value":570}," değerini belirliyoruz.",{"type":28,"tag":572,"props":573,"children":575},"pic",{"src":574},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-cloudgoat-iam-enum-basics-cozumu\u002F1.jpg",[],{"type":28,"tag":114,"props":577,"children":579},{"id":578},"adım-2-kullanıcı-keşfi-user-enumeration",[580],{"type":33,"value":581},"Adım 2: Kullanıcı Keşfi (User Enumeration)",{"type":28,"tag":29,"props":583,"children":584},{},[585,587,593],{"type":33,"value":586},"Bulut keşif (reconnaissance) aşamasında, hedef AWS hesabında hangi aktörlerin tanımlı olduğunu bilmek saldırı yüzeyini anlamak için kritik bir adımdır. ",{"type":28,"tag":51,"props":588,"children":590},{"className":589},[],[591],{"type":33,"value":592},"aws iam list-users",{"type":33,"value":594}," komutu, yetkilerimiz dahilinde hesaptaki tüm IAM kullanıcılarını listelememizi sağlar. 
Kendi kullanıcımızın tam adını ve varsa diğer potansiyel hedefleri haritalandırmak için bu komutu çalıştırıyoruz:",{"type":28,"tag":126,"props":596,"children":598},{"className":525,"code":597,"language":527,"meta":7,"style":7},"aws iam list-users --profile bob\n",[599],{"type":28,"tag":51,"props":600,"children":601},{"__ignoreMap":7},[602],{"type":28,"tag":136,"props":603,"children":604},{"class":138,"line":139},[605,609,614,619,623],{"type":28,"tag":136,"props":606,"children":607},{"style":537},[608],{"type":33,"value":540},{"type":28,"tag":136,"props":610,"children":611},{"style":543},[612],{"type":33,"value":613}," iam",{"type":28,"tag":136,"props":615,"children":616},{"style":543},[617],{"type":33,"value":618}," list-users",{"type":28,"tag":136,"props":620,"children":621},{"style":549},[622],{"type":33,"value":552},{"type":28,"tag":136,"props":624,"children":625},{"style":543},[626],{"type":33,"value":557},{"type":28,"tag":29,"props":628,"children":629},{},[630,632,638,640,646],{"type":33,"value":631},"Komut çıktısında hesaptaki kullanıcılar listelenir. Bu senaryoda kendi kullanıcımız olan ",{"type":28,"tag":51,"props":633,"children":635},{"className":634},[],[636],{"type":33,"value":637},"cg-bob-cgidf5o4l14u1y",{"type":33,"value":639}," değerini ve ARN adresini tespit ederek not alıyoruz. Kullanıcı adının sonundaki benzersiz imza (",{"type":28,"tag":51,"props":641,"children":643},{"className":642},[],[644],{"type":33,"value":645},"cgidf5o4...",{"type":33,"value":647},"), sonraki adımlarda sorgulayacağımız diğer kaynakları bulmamızda anahtar rol oynayacaktır.",{"type":28,"tag":572,"props":649,"children":651},{"src":650},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-cloudgoat-iam-enum-basics-cozumu\u002F2.jpg",[],{"type":28,"tag":114,"props":653,"children":655},{"id":654},"adım-3-etrafta-başka-kimler-var-grup-ve-rol-keşfi",[656],{"type":33,"value":657},"Adım 3: Etrafta Başka Kimler Var? 
(Grup ve Rol Keşfi)",{"type":28,"tag":29,"props":659,"children":660},{},[661],{"type":33,"value":662},"AWS ortamındaki diğer yapı taşlarını -yani grupları ve rolleri- tarayarak Bob'un yetki alanı dışındaki kaynakları incelemeye başlıyoruz.",{"type":28,"tag":126,"props":664,"children":666},{"className":525,"code":665,"language":527,"meta":7,"style":7},"aws iam list-groups --profile bob\naws iam list-roles --profile bob\n",[667],{"type":28,"tag":51,"props":668,"children":669},{"__ignoreMap":7},[670,694],{"type":28,"tag":136,"props":671,"children":672},{"class":138,"line":139},[673,677,681,686,690],{"type":28,"tag":136,"props":674,"children":675},{"style":537},[676],{"type":33,"value":540},{"type":28,"tag":136,"props":678,"children":679},{"style":543},[680],{"type":33,"value":613},{"type":28,"tag":136,"props":682,"children":683},{"style":543},[684],{"type":33,"value":685}," list-groups",{"type":28,"tag":136,"props":687,"children":688},{"style":549},[689],{"type":33,"value":552},{"type":28,"tag":136,"props":691,"children":692},{"style":543},[693],{"type":33,"value":557},{"type":28,"tag":136,"props":695,"children":696},{"class":138,"line":149},[697,701,705,710,714],{"type":28,"tag":136,"props":698,"children":699},{"style":537},[700],{"type":33,"value":540},{"type":28,"tag":136,"props":702,"children":703},{"style":543},[704],{"type":33,"value":613},{"type":28,"tag":136,"props":706,"children":707},{"style":543},[708],{"type":33,"value":709}," list-roles",{"type":28,"tag":136,"props":711,"children":712},{"style":549},[713],{"type":33,"value":552},{"type":28,"tag":136,"props":715,"children":716},{"style":543},[717],{"type":33,"value":557},{"type":28,"tag":29,"props":719,"children":720},{},[721],{"type":33,"value":722},"Komut çıktılarında iki adet zayıf nokta ve ipucu tespit 
ediyoruz:",{"type":28,"tag":724,"props":725,"children":727},"quote",{"icon":726},"ph:lightbulb-duotone",[728],{"type":28,"tag":29,"props":729,"children":730},{},[731,736],{"type":28,"tag":82,"props":732,"children":733},{},[734],{"type":33,"value":735},"Atıf Kapsülü:",{"type":33,"value":737}," IAM grup yolu (path) öznitelikleri genellikle göz ardı edilir ancak kritik mimari verileri sızdırabilir. Bu senaryoda grupların listelenmesi, doğrudan üçüncü gizli bayrağı barındıran bir grup yolu meta verisini açığa çıkarmaktadır.",{"type":28,"tag":74,"props":739,"children":740},{},[741],{"type":28,"tag":78,"props":742,"children":743},{},[744,749,751,757,759,765,767,773],{"type":28,"tag":82,"props":745,"children":746},{},[747],{"type":33,"value":748},"Grup Detayındaki Bayrak (Flag 3):",{"type":33,"value":750}," Sistemde yer alan ",{"type":28,"tag":51,"props":752,"children":754},{"className":753},[],[755],{"type":33,"value":756},"cg-flag3-group-cgidf504114u1y",{"type":33,"value":758}," grubunun ",{"type":28,"tag":51,"props":760,"children":762},{"className":761},[],[763],{"type":33,"value":764},"Path",{"type":33,"value":766}," özniteliğinde üçüncü bayrak değeri saklıdır: ",{"type":28,"tag":51,"props":768,"children":770},{"className":769},[],[771],{"type":33,"value":772},"HSM_gr0up_m3mb3rsh1p_f0und",{"type":33,"value":774},".",{"type":28,"tag":572,"props":776,"children":778},{"src":777},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-cloudgoat-iam-enum-basics-cozumu\u002F3.jpg",[],{"type":28,"tag":74,"props":780,"children":781},{},[782],{"type":28,"tag":78,"props":783,"children":784},{},[785,790,792,798,800,806,808,814,816,822,824,830,832,838],{"type":28,"tag":82,"props":786,"children":787},{},[788],{"type":33,"value":789},"Rollerin Güven İlişkisi ve Etiketler (Flag 4):",{"type":33,"value":791}," Listelenen 
",{"type":28,"tag":51,"props":793,"children":795},{"className":794},[],[796],{"type":33,"value":797},"cg-flag4-role-cgidf504114u1y",{"type":33,"value":799}," rolünün güven dökümanına (",{"type":28,"tag":51,"props":801,"children":803},{"className":802},[],[804],{"type":33,"value":805},"AssumeRolePolicyDocument",{"type":33,"value":807},") baktığımızda, bu rolü üstlenme (",{"type":28,"tag":51,"props":809,"children":811},{"className":810},[],[812],{"type":33,"value":813},"sts:AssumeRole",{"type":33,"value":815},") yetkisinin doğrudan ",{"type":28,"tag":51,"props":817,"children":819},{"className":818},[],[820],{"type":33,"value":821},"cg-bob",{"type":33,"value":823}," kullanıcısına verildiğini görüyoruz. Normal şartlarda bu rolün ",{"type":28,"tag":51,"props":825,"children":827},{"className":826},[],[828],{"type":33,"value":829},"Tags",{"type":33,"value":831}," (Etiketler) dizisi içerisine gizlenmiş olan dördüncü bayrağı elde ederiz: ",{"type":28,"tag":51,"props":833,"children":835},{"className":834},[],[836],{"type":33,"value":837},"HSM-r0l3_trus1_f0und-FLAG",{"type":33,"value":774},{"type":28,"tag":572,"props":840,"children":842},{"src":841},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-cloudgoat-iam-enum-basics-cozumu\u002F4.jpg",[],{"type":28,"tag":68,"props":844,"children":847},{"title":845,"type":846},"LocalStack \u002F Floci AWS Emulator Notu","warning",[848],{"type":28,"tag":29,"props":849,"children":850},{},[851,853,859,861,866,868,873],{"type":33,"value":852},"Eğer bu laboratuvarı LocalStack, Floci veya benzeri bir lokal AWS emülatörü üzerinde çözüyorsanız, emülatörlerin IAM metadata kısıtlamalarından dolayı rolün ",{"type":28,"tag":51,"props":854,"children":856},{"className":855},[],[857],{"type":33,"value":858},"Description",{"type":33,"value":860}," (Açıklama) veya ",{"type":28,"tag":51,"props":862,"children":864},{"className":863},[],[865],{"type":33,"value":829},{"type":33,"value":867}," (Etiketler) gibi alanları 
yukarıdaki ekran görüntüsünde olduğu gibi boş veya eksik gelebilir. Gerçek AWS ortamlarında bu bayrak, rolün etiketler (",{"type":28,"tag":51,"props":869,"children":871},{"className":870},[],[872],{"type":33,"value":829},{"type":33,"value":874},") alanında açıkça görüntülenecektir.",{"type":28,"tag":114,"props":876,"children":878},{"id":877},"adım-4-politikaların-derinliklerine-i̇nmek-inline-vs-managed",[879],{"type":33,"value":880},"Adım 4: Politikaların Derinliklerine İnmek (Inline vs. Managed)",{"type":28,"tag":29,"props":882,"children":883},{},[884],{"type":33,"value":885},"Mevcut kullanıcının doğrudan yetkilerini incelemek amacıyla, satır içi (inline) ve yönetilen (managed) politikaları sorguluyoruz.",{"type":28,"tag":887,"props":888,"children":890},"h3",{"id":889},"_1-satır-i̇çi-politikaları-inline-policies-listeleme",[891],{"type":33,"value":892},"1. Satır İçi Politikaları (Inline Policies) Listeleme",{"type":28,"tag":126,"props":894,"children":896},{"className":525,"code":895,"language":527,"meta":7,"style":7},"aws iam list-user-policies --user-name cg-bob-cgidf5o4l14u1y --profile bob\n",[897],{"type":28,"tag":51,"props":898,"children":899},{"__ignoreMap":7},[900],{"type":28,"tag":136,"props":901,"children":902},{"class":138,"line":139},[903,907,911,916,921,926,930],{"type":28,"tag":136,"props":904,"children":905},{"style":537},[906],{"type":33,"value":540},{"type":28,"tag":136,"props":908,"children":909},{"style":543},[910],{"type":33,"value":613},{"type":28,"tag":136,"props":912,"children":913},{"style":543},[914],{"type":33,"value":915}," list-user-policies",{"type":28,"tag":136,"props":917,"children":918},{"style":549},[919],{"type":33,"value":920}," --user-name",{"type":28,"tag":136,"props":922,"children":923},{"style":543},[924],{"type":33,"value":925}," 
cg-bob-cgidf5o4l14u1y",{"type":28,"tag":136,"props":927,"children":928},{"style":549},[929],{"type":33,"value":552},{"type":28,"tag":136,"props":931,"children":932},{"style":543},[933],{"type":33,"value":557},{"type":28,"tag":572,"props":935,"children":937},{"src":936},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-cloudgoat-iam-enum-basics-cozumu\u002F5.jpg",[],{"type":28,"tag":29,"props":939,"children":940},{},[941,943,949,951,957,959,965,967,973],{"type":33,"value":942},"Bu komut, kullanıcının üzerindeki ",{"type":28,"tag":51,"props":944,"children":946},{"className":945},[],[947],{"type":33,"value":948},"cg-flag2-inline-policy-cgidf504114u1y",{"type":33,"value":950}," satır içi politikasını listeler. Politikanın içeriği ",{"type":28,"tag":51,"props":952,"children":954},{"className":953},[],[955],{"type":33,"value":956},"get-user-policy",{"type":33,"value":958}," komutuyla okunduğunda, ",{"type":28,"tag":51,"props":960,"children":962},{"className":961},[],[963],{"type":33,"value":964},"Sid",{"type":33,"value":966}," (Statement ID) alanında ikinci bayrak elde edilir: ",{"type":28,"tag":51,"props":968,"children":970},{"className":969},[],[971],{"type":33,"value":972},"HSM1nl1n3p0l1cyd1sc0v3r3d",{"type":33,"value":774},{"type":28,"tag":126,"props":975,"children":977},{"className":525,"code":976,"language":527,"meta":7,"style":7},"aws iam get-user-policy --user-name cg-bob-cgidf5o4l14u1y --policy-name cg-flag2-inline-policy-cgidf504114u1y --profile bob\n",[978],{"type":28,"tag":51,"props":979,"children":980},{"__ignoreMap":7},[981],{"type":28,"tag":136,"props":982,"children":983},{"class":138,"line":139},[984,988,992,997,1001,1005,1010,1015,1019],{"type":28,"tag":136,"props":985,"children":986},{"style":537},[987],{"type":33,"value":540},{"type":28,"tag":136,"props":989,"children":990},{"style":543},[991],{"type":33,"value":613},{"type":28,"tag":136,"props":993,"children":994},{"style":543},[995],{"type":33,"value":996}," 
get-user-policy",{"type":28,"tag":136,"props":998,"children":999},{"style":549},[1000],{"type":33,"value":920},{"type":28,"tag":136,"props":1002,"children":1003},{"style":543},[1004],{"type":33,"value":925},{"type":28,"tag":136,"props":1006,"children":1007},{"style":549},[1008],{"type":33,"value":1009}," --policy-name",{"type":28,"tag":136,"props":1011,"children":1012},{"style":543},[1013],{"type":33,"value":1014}," cg-flag2-inline-policy-cgidf504114u1y",{"type":28,"tag":136,"props":1016,"children":1017},{"style":549},[1018],{"type":33,"value":552},{"type":28,"tag":136,"props":1020,"children":1021},{"style":543},[1022],{"type":33,"value":557},{"type":28,"tag":572,"props":1024,"children":1026},{"src":1025},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-cloudgoat-iam-enum-basics-cozumu\u002F8.jpg",[],{"type":28,"tag":887,"props":1028,"children":1030},{"id":1029},"_2-yönetilen-politikaları-managed-policies-listeleme",[1031],{"type":33,"value":1032},"2. Yönetilen Politikaları (Managed Policies) Listeleme",{"type":28,"tag":126,"props":1034,"children":1036},{"className":525,"code":1035,"language":527,"meta":7,"style":7},"aws iam list-attached-user-policies --user-name cg-bob-cgidf5o4l14u1y --profile bob\n",[1037],{"type":28,"tag":51,"props":1038,"children":1039},{"__ignoreMap":7},[1040],{"type":28,"tag":136,"props":1041,"children":1042},{"class":138,"line":139},[1043,1047,1051,1056,1060,1064,1068],{"type":28,"tag":136,"props":1044,"children":1045},{"style":537},[1046],{"type":33,"value":540},{"type":28,"tag":136,"props":1048,"children":1049},{"style":543},[1050],{"type":33,"value":613},{"type":28,"tag":136,"props":1052,"children":1053},{"style":543},[1054],{"type":33,"value":1055}," 
list-attached-user-policies",{"type":28,"tag":136,"props":1057,"children":1058},{"style":549},[1059],{"type":33,"value":920},{"type":28,"tag":136,"props":1061,"children":1062},{"style":543},[1063],{"type":33,"value":925},{"type":28,"tag":136,"props":1065,"children":1066},{"style":549},[1067],{"type":33,"value":552},{"type":28,"tag":136,"props":1069,"children":1070},{"style":543},[1071],{"type":33,"value":557},{"type":28,"tag":572,"props":1073,"children":1075},{"src":1074},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-cloudgoat-iam-enum-basics-cozumu\u002F6.jpg",[],{"type":28,"tag":29,"props":1077,"children":1078},{},[1079,1081,1087,1089,1095,1097,1102,1104,1110],{"type":33,"value":1080},"Kullanıcıya iliştirilmiş ",{"type":28,"tag":51,"props":1082,"children":1084},{"className":1083},[],[1085],{"type":33,"value":1086},"cg-flag1-managed-policy-cgidf504114u1y",{"type":33,"value":1088}," adında bir yönetilen politika tespit edilir. Sonraki komutlarda kullanılacak politika ARN'si bu çıktıdaki PolicyArn alanından birebir alınmalıdır; aşağıdaki örnekteki 000000000000 hesap kimliği bu lab ortamına özgüdür ve gerçek bir hesapta farklı olacaktır. Normal şartlarda bu politikanın detayları ",{"type":28,"tag":51,"props":1090,"children":1092},{"className":1091},[],[1093],{"type":33,"value":1094},"get-policy",{"type":33,"value":1096}," ile sorgulandığında, ",{"type":28,"tag":51,"props":1098,"children":1100},{"className":1099},[],[1101],{"type":33,"value":858},{"type":33,"value":1103}," (Açıklama) alanında birinci bayrak elde edilir: ",{"type":28,"tag":51,"props":1105,"children":1107},{"className":1106},[],[1108],{"type":33,"value":1109},"HSM{m4n4g3d_p0l1cy_m4st3r}",{"type":33,"value":774},{"type":28,"tag":126,"props":1112,"children":1114},{"className":525,"code":1113,"language":527,"meta":7,"style":7},"aws iam get-policy --policy-arn arn:aws:iam::000000000000:policy\u002Fcg-flag1-managed-policy-cgidf504114u1y --profile 
bob\n",[1115],{"type":28,"tag":51,"props":1116,"children":1117},{"__ignoreMap":7},[1118],{"type":28,"tag":136,"props":1119,"children":1120},{"class":138,"line":139},[1121,1125,1129,1134,1139,1144,1148],{"type":28,"tag":136,"props":1122,"children":1123},{"style":537},[1124],{"type":33,"value":540},{"type":28,"tag":136,"props":1126,"children":1127},{"style":543},[1128],{"type":33,"value":613},{"type":28,"tag":136,"props":1130,"children":1131},{"style":543},[1132],{"type":33,"value":1133}," get-policy",{"type":28,"tag":136,"props":1135,"children":1136},{"style":549},[1137],{"type":33,"value":1138}," --policy-arn",{"type":28,"tag":136,"props":1140,"children":1141},{"style":543},[1142],{"type":33,"value":1143}," arn:aws:iam::000000000000:policy\u002Fcg-flag1-managed-policy-cgidf504114u1y",{"type":28,"tag":136,"props":1145,"children":1146},{"style":549},[1147],{"type":33,"value":552},{"type":28,"tag":136,"props":1149,"children":1150},{"style":543},[1151],{"type":33,"value":557},{"type":28,"tag":572,"props":1153,"children":1155},{"src":1154},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-cloudgoat-iam-enum-basics-cozumu\u002F7.jpg",[],{"type":28,"tag":68,"props":1157,"children":1158},{"title":845,"type":846},[1159],{"type":28,"tag":29,"props":1160,"children":1161},{},[1162,1164,1169,1170,1175,1177,1182],{"type":33,"value":1163},"Eğer bu laboratuvarı LocalStack, Floci veya benzeri bir lokal AWS emülatörü üzerinde çözüyorsanız, emülatörlerin IAM metadata kısıtlamalarından dolayı ",{"type":28,"tag":51,"props":1165,"children":1167},{"className":1166},[],[1168],{"type":33,"value":858},{"type":33,"value":860},{"type":28,"tag":51,"props":1171,"children":1173},{"className":1172},[],[1174],{"type":33,"value":829},{"type":33,"value":1176}," (Etiketler) gibi alanlar yukarıdaki ekran görüntüsünde olduğu gibi boş gelebilir. 
Gerçek AWS ortamlarında bu bayrak, politikanın açıklama satırında (",{"type":28,"tag":51,"props":1178,"children":1180},{"className":1179},[],[1181],{"type":33,"value":858},{"type":33,"value":1183}," alanında) açıkça görüntülenecektir.",{"type":28,"tag":114,"props":1185,"children":1187},{"id":1186},"adım-5-son-kale-s3-sızıntısı",[1188],{"type":33,"value":1189},"Adım 5: Son Kale – S3 Sızıntısı",{"type":28,"tag":29,"props":1191,"children":1192},{},[1193,1195,1201,1203,1209],{"type":33,"value":1194},"Son bayrağı tespit etmek için ",{"type":28,"tag":51,"props":1196,"children":1198},{"className":1197},[],[1199],{"type":33,"value":1200},"cg-flag1",{"type":33,"value":1202}," politikasının detaylarına ve sürüm geçmişine bakılması gerekir. Politikanın ",{"type":28,"tag":51,"props":1204,"children":1206},{"className":1205},[],[1207],{"type":33,"value":1208},"v1",{"type":33,"value":1210}," sürüm dökümanını sorguluyoruz. Not: sürüm kimliği get-policy çıktısındaki DefaultVersionId alanından alınmalı ve list-policy-versions ile politikanın tüm sürümleri (en fazla beş) listelenmelidir; varsayılan olmayan eski bir sürümde silindiği sanılan hassas içerik kalmış olabileceğinden her sürüm ayrı ayrı okunmalıdır. Varsayılan sürüm için komut:",{"type":28,"tag":126,"props":1212,"children":1214},{"className":525,"code":1213,"language":527,"meta":7,"style":7},"aws iam get-policy-version --policy-arn arn:aws:iam::000000000000:policy\u002Fcg-flag1-managed-policy-cgidf504114u1y --version-id v1 --profile bob\n",[1215],{"type":28,"tag":51,"props":1216,"children":1217},{"__ignoreMap":7},[1218],{"type":28,"tag":136,"props":1219,"children":1220},{"class":138,"line":139},[1221,1225,1229,1234,1238,1242,1247,1252,1256],{"type":28,"tag":136,"props":1222,"children":1223},{"style":537},[1224],{"type":33,"value":540},{"type":28,"tag":136,"props":1226,"children":1227},{"style":543},[1228],{"type":33,"value":613},{"type":28,"tag":136,"props":1230,"children":1231},{"style":543},[1232],{"type":33,"value":1233}," get-policy-version",{"type":28,"tag":136,"props":1235,"children":1236},{"style":549},[1237],{"type":33,"value":1138},{"type":28,"tag":136,"props":1239,"children":1240},{"style":543},[1241],{"type":33,"value":1143},{"type":28,"tag":136,"props":1243,"children":1244},{"style":549},[1245],{"type":33,"value":1246}," 
--version-id",{"type":28,"tag":136,"props":1248,"children":1249},{"style":543},[1250],{"type":33,"value":1251}," v1",{"type":28,"tag":136,"props":1253,"children":1254},{"style":549},[1255],{"type":33,"value":552},{"type":28,"tag":136,"props":1257,"children":1258},{"style":543},[1259],{"type":33,"value":557},{"type":28,"tag":29,"props":1261,"children":1262},{},[1263,1265,1271,1273,1279,1281,1287],{"type":33,"value":1264},"Politikanın JSON içeriğini incelediğimizde, ",{"type":28,"tag":51,"props":1266,"children":1268},{"className":1267},[],[1269],{"type":33,"value":1270},"Statement",{"type":33,"value":1272}," altındaki ",{"type":28,"tag":51,"props":1274,"children":1276},{"className":1275},[],[1277],{"type":33,"value":1278},"Resource",{"type":33,"value":1280}," (Kaynak) alanında standart bir S3 kova (bucket) ismi yerine doğrudan beşinci bayrağın tanımlandığını görüyoruz: ",{"type":28,"tag":51,"props":1282,"children":1284},{"className":1283},[],[1285],{"type":33,"value":1286},"arn:aws:s3:::HSM{s3cr3t_js0n_str1ng}",{"type":33,"value":774},{"type":28,"tag":29,"props":1289,"children":1290},{},[1291,1293,1299,1300,1306],{"type":33,"value":1292},"Politika bu S3 kaynağı üzerinde ",{"type":28,"tag":51,"props":1294,"children":1296},{"className":1295},[],[1297],{"type":33,"value":1298},"ListBucket",{"type":33,"value":506},{"type":28,"tag":51,"props":1301,"children":1303},{"className":1302},[],[1304],{"type":33,"value":1305},"GetObject",{"type":33,"value":1307}," yetkileri tanımlamıştır. 
Yani son bayrağımız, Bob kullanıcısının okuma yetkisine sahip olduğu bu S3 kovasının isminin ta kendisidir! Not: IAM politikasında tanımlı bu izin, kovanın gerçekten var olduğunu veya kova politikasının (bucket policy) erişime izin verdiğini garanti etmez; gerçek bir testte erişim, kova üzerinde bir list/get denemesiyle ayrıca doğrulanmalıdır.",{"type":28,"tag":572,"props":1309,"children":1311},{"src":1310},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Faws-cloudgoat-iam-enum-basics-cozumu\u002F10.jpg",[],{"type":28,"tag":114,"props":1313,"children":1315},{"id":1314},"sıkça-sorulan-sorular-faq",[1316],{"type":33,"value":1317},"Sıkça Sorulan Sorular (FAQ)",{"type":28,"tag":1319,"props":1320,"children":1322},"folding",{"title":1321},"CloudGoat lablarında neden tüm kaynak isimleri karmaşık harfler içeriyor?",[1323],{"type":28,"tag":29,"props":1324,"children":1325},{},[1326,1328,1333],{"type":33,"value":1327},"Her kurulumda benzersiz ID'ler (örn: ",{"type":28,"tag":51,"props":1329,"children":1331},{"className":1330},[],[1332],{"type":33,"value":645},{"type":33,"value":1334},") üretilir. Bunun nedeni, AWS üzerinde aynı isimde küresel kaynakların çakışmasını önlemek ve izole, güvenli bir lab ortamı yaratmaktır.",{"type":28,"tag":1319,"props":1336,"children":1338},{"title":1337},"IAM ReadOnly yetkisiyle sistemdeki verilere erişilebilir mi?",[1339],{"type":28,"tag":29,"props":1340,"children":1341},{},[1342],{"type":33,"value":1343},"Doğrudan bir veritabanı içeriğini okuyamazsınız ancak bu senaryoda olduğu gibi politika açıklamaları, grup yolları veya S3 kova isimleri gibi meta verilerin arasına gizlenmiş hassas girdileri ifşa edebilirsiniz. Bulut ortamlarında bilgi sızıntısı hafife alınmamalıdır.",{"type":28,"tag":1319,"props":1345,"children":1347},{"title":1346},"Bir roldeki AssumeRole yetkisi ne işe yarar?",[1348],{"type":28,"tag":29,"props":1349,"children":1350},{},[1351,1356],{"type":28,"tag":51,"props":1352,"children":1354},{"className":1353},[],[1355],{"type":33,"value":813},{"type":33,"value":1357}," yetkisi, bir kullanıcının veya servisin geçici olarak o rolün haklarına bürünmesini sağlar. 
Rolü gerçekten üstlenebilmek için yalnızca çağıranın sts:AssumeRole iznine sahip olması yetmez; rolün güven politikasının (trust policy) da ilgili kullanıcıya veya hesaba izin vermesi gerekir. Sızma testlerinde bu yetki, yanal hareket (lateral movement) veya dikey yetki yükseltme (privilege escalation) için en çok aranan açık kapılardan biridir.",{"type":28,"tag":114,"props":1359,"children":1361},{"id":1360},"kapanış-ve-son-notlar",[1362],{"type":33,"value":1363},"Kapanış ve Son Notlar",{"type":28,"tag":29,"props":1365,"children":1366},{},[1367],{"type":33,"value":1368},"iam_enum_basics senaryosu, bulut güvenliğinde salt okuma ve listeleme yetkilerinin bile kritik bilgi sızıntılarına (Information Leakage) yol açabileceğini göstermektedir. Güvenlik analizlerinde ve sızma testlerinde bu yetkilerin sıkılaştırılması, saldırı yüzeyinin daraltılması açısından önem arz eder.",{"type":28,"tag":114,"props":1370,"children":1372},{"id":1371},"kaynakça-ve-ek-okuma",[1373],{"type":33,"value":1374},"Kaynakça ve ek okuma",{"type":28,"tag":74,"props":1376,"children":1377},{},[1378,1390,1404],{"type":28,"tag":78,"props":1379,"children":1380},{},[1381,1383],{"type":33,"value":1382},"Rhino Security Labs, \"CloudGoat GitHub Repository\" - ",{"type":28,"tag":136,"props":1384,"children":1385},{},[1386],{"type":28,"tag":36,"props":1387,"children":1388},{"link":38,"icon":39},[1389],{"type":33,"value":42},{"type":28,"tag":78,"props":1391,"children":1392},{},[1393,1395],{"type":33,"value":1394},"AWS Documentation, \"Configuring the AWS CLI\" - ",{"type":28,"tag":136,"props":1396,"children":1397},{},[1398],{"type":28,"tag":36,"props":1399,"children":1401},{"link":1400},"https:\u002F\u002Fdocs.aws.amazon.com\u002Fcli\u002Flatest\u002Fuserguide\u002Fcli-chap-configure.html",[1402],{"type":33,"value":1403},"AWS CLI",{"type":28,"tag":78,"props":1405,"children":1406},{},[1407,1409],{"type":33,"value":1408},"AWS Documentation, \"Identity and Access Management (IAM) Best Practices\" - 
",{"type":28,"tag":136,"props":1410,"children":1411},{},[1412],{"type":28,"tag":36,"props":1413,"children":1415},{"link":1414},"https:\u002F\u002Fdocs.aws.amazon.com\u002FIAM\u002Flatest\u002FUserGuide\u002Fbest-practices.html",[1416],{"type":33,"value":1417},"AWS Documentation",{"type":28,"tag":1419,"props":1420,"children":1421},"style",{},[1422],{"type":33,"value":1423},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: 
var(--shiki-dark-text-decoration);}",{"title":7,"searchDepth":167,"depth":167,"links":1425},[1426,1427,1428,1429,1430,1434,1435,1436,1437],{"id":116,"depth":149,"text":119},{"id":490,"depth":149,"text":493},{"id":578,"depth":149,"text":581},{"id":654,"depth":149,"text":657},{"id":877,"depth":149,"text":880,"children":1431},[1432,1433],{"id":889,"depth":158,"text":892},{"id":1029,"depth":158,"text":1032},{"id":1186,"depth":149,"text":1189},{"id":1314,"depth":149,"text":1317},{"id":1360,"depth":149,"text":1363},{"id":1371,"depth":149,"text":1374},"markdown","content:posts:2026:aws-cloudgoat-iam-enum-basics-cozumu.md","content","posts\u002F2026\u002Faws-cloudgoat-iam-enum-basics-cozumu.md","posts\u002F2026\u002Faws-cloudgoat-iam-enum-basics-cozumu","md","\u002Fposts",[1446,1450],{"_path":1447,"title":1448,"date":1449},"\u002F2026\u002Faws-api-gateway-guvenligi-ve-ters-proxy-zafiyetleri","AWS API Gateway ve Ters Proxy Zafiyetleri: Bulut Güvenliğinde Görünmez Tehdit","2026-05-12T21:00:00.000Z",null,1780419439834]