You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Need to figure out how to support making attack paths that could have more than one source node as part of the attack. Mainly used when you can compromise two nodes, and work them together to pivot elsewhere.
For example, RBAC_ESCALATE_TO is currently based on updating the role that grants the role edit/escalate permissions effectively. However, realistically you could also update another role which you have access to from another node within the chain. At which point the two sources are (1) the role binding that grants edit/escalate on a random role, and (2) a role binding for that random role
The text was updated successfully, but these errors were encountered:
Need to figure out how to support making attack paths that could have more than one source node as part of the attack. Mainly used when you can compromise two nodes, and work them together to pivot elsewhere.
For example,
RBAC_ESCALATE_TOis currently based on updating the role that grants the role edit/escalate permissions effectively. However, realistically you could also update another role which you have access to from another node within the chain. At which point the two sources are (1) the role binding that grants edit/escalate on a random role, and (2) a role binding for that random roleThe text was updated successfully, but these errors were encountered: