{"id":1831,"date":"2025-12-09T10:01:24","date_gmt":"2025-12-09T10:01:24","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1831"},"modified":"2025-12-09T10:01:24","modified_gmt":"2025-12-09T10:01:24","slug":"researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/","title":{"rendered":"Researchers Uncovered AWS IAM Eventual Consistency to Establish Persistence"},"content":{"rendered":"<p>A critical persistence technique in\u00a0<a href=\"https:\/\/cybersecuritynews.com\/aws-key-hunter-free-automated-tool\/\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Identity<\/a>\u00a0and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders delete compromised access keys.<\/p>\n<p>AWS IAM, like many distributed systems, employs eventual consistency to scale across regions and replicas. Updates to resources such as access keys or policies propagate with a predictable delay of approximately 3-4 seconds, as confirmed through OFFENSAI\u2019s testing across regions like us-east-1 and eu-central-1.<\/p>\n<p>During this window, deleted keys remain valid for API calls, enabling attackers to list keys receiving an empty array or generate new ones before invalidation completes.\u200b<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" class=\"td-animation-stack-type0-2\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiV3Il0EZUWeXc_VcGrbrxs1c3OuJ_LO7mwpKVJyMVNnQ6_wrE5gwPKwFl8QGGDKHMJrvGr_7yRPnrFyHLdXLT5t2J0FAMKJnnnxdJqRGY88CDBKJM-8RigDvcWd3D2vZN3WdcALNn-duBOaz0G3vM2dR4eoXZKN5ByIORYGhINeikaO4p7bEQD05i9lJK0\/w640-h278\/keys.webp\" alt=\"Access key used after deletion \" \/><\/figure>\n<p>Security firm OFFENSAI has uncovered that in a simulated attack, a defender executes\u00a0<em>aws iam delete-access-key \u2013access-key-id AKIA\u2026 \u2013user-name bob<\/em>, while the attacker rapidly follows with\u00a0<em>aws iam create-access-key \u2013user-name bob<\/em>.<\/p>\n<p>CloudTrail logs accurately record both the deletion and subsequent actions, yet the consistency lag permits persistence. This extends beyond keys to policy attachments, role deletions, and login profiles, amplifying risks in\u00a0<a href=\"https:\/\/cybersecuritynews.com\/incident-response-planning\/\" target=\"_blank\" rel=\"noreferrer noopener\">incident response<\/a>.\u200b<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/aws-iam-eventual-consistency-exploited\/\">Read the Full Story Here<\/a><\/p>\n<p>Source: Cybersecurity News<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A critical persistence technique in\u00a0AWS Identity\u00a0and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders delete compromised access keys. AWS IAM, like many distributed systems, employs eventual consistency to scale across regions and replicas. Updates to resources such as access keys or policies propagate with a predictable [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1832,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1831","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Researchers Uncovered AWS IAM Eventual Consistency to Establish Persistence - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Researchers Uncovered AWS IAM Eventual Consistency to Establish Persistence - Community\" \/>\n<meta property=\"og:description\" content=\"A critical persistence technique in\u00a0AWS Identity\u00a0and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders delete compromised access keys. AWS IAM, like many distributed systems, employs eventual consistency to scale across regions and replicas. Updates to resources such as access keys or policies propagate with a predictable [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-09T10:01:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/12\/aws.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/\",\"name\":\"Researchers Uncovered AWS IAM Eventual Consistency to Establish Persistence - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/12\/aws.jpg\",\"datePublished\":\"2025-12-09T10:01:24+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/12\/aws.jpg\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/12\/aws.jpg\",\"width\":1600,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Researchers Uncovered AWS IAM Eventual Consistency to Establish Persistence\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Researchers Uncovered AWS IAM Eventual Consistency to Establish Persistence - Community","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/","og_locale":"en_US","og_type":"article","og_title":"Researchers Uncovered AWS IAM Eventual Consistency to Establish Persistence - Community","og_description":"A critical persistence technique in\u00a0AWS Identity\u00a0and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders delete compromised access keys. AWS IAM, like many distributed systems, employs eventual consistency to scale across regions and replicas. Updates to resources such as access keys or policies propagate with a predictable [&hellip;]","og_url":"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/","og_site_name":"Community","article_publisher":"https:\/\/www.facebook.com\/TSFactoryLLC\/","article_published_time":"2025-12-09T10:01:24+00:00","og_image":[{"width":1600,"height":900,"url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/12\/aws.jpg","type":"image\/jpeg"}],"author":"Chelsie Wyatt","twitter_card":"summary_large_image","twitter_creator":"@TSFactoryLLC","twitter_site":"@TSFactoryLLC","twitter_misc":{"Written by":"Chelsie Wyatt","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/","url":"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/","name":"Researchers Uncovered AWS IAM Eventual Consistency to Establish Persistence - Community","isPartOf":{"@id":"https:\/\/www.tsfactory.com\/forums\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/#primaryimage"},"image":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/12\/aws.jpg","datePublished":"2025-12-09T10:01:24+00:00","author":{"@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f"},"breadcrumb":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/#primaryimage","url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/12\/aws.jpg","contentUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2025\/12\/aws.jpg","width":1600,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/researchers-uncovered-aws-iam-eventual-consistency-to-establish-persistence\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsfactory.com\/forums\/"},{"@type":"ListItem","position":2,"name":"Researchers Uncovered AWS IAM Eventual Consistency to Establish Persistence"}]},{"@type":"WebSite","@id":"https:\/\/www.tsfactory.com\/forums\/#website","url":"https:\/\/www.tsfactory.com\/forums\/","name":"Community","description":"TSFactory","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f","name":"Chelsie Wyatt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","caption":"Chelsie Wyatt"},"url":"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1831","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/comments?post=1831"}],"version-history":[{"count":1,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1831\/revisions"}],"predecessor-version":[{"id":1833,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1831\/revisions\/1833"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media\/1832"}],"wp:attachment":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media?parent=1831"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/categories?post=1831"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/tags?post=1831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}