NOTYET: The Offensive AWS Tool That Exploits Eventual Consistency to Vaporize Your Incident Response + Video

By /

Listen to this Post

Featured Image

Introduction:

When an AWS security team thinks they have contained a compromised identity, they are often still vulnerable due to a fundamental design feature of the cloud: eventual consistency. This distributed systems property, which prioritizes availability and scalability over immediate synchronization, creates a dangerous 3–4 second window where deleted access keys, revoked policies, and containment actions have not yet propagated across all AWS regions and replicas. Attackers can exploit this fleeting gap to detect defensive actions in real-time and surgically reverse them before they ever take effect, effectively “vaporizing” incident response playbooks.

Learning Objectives:

  • Understand the mechanics of AWS IAM eventual consistency and how it creates an exploitable persistence window for attackers.
  • Learn how to use the open-source `notyet` tool to test and validate the resilience of your AWS containment playbooks.
  • Master step-by-step defensive commands and Service Control Policy (SCP) strategies to harden your cloud environment against eventual consistency abuse.

You Should Know:

1. Dissecting the Eventual Consistency Attack Window

The core of this persistence technique lies in the distributed nature of AWS IAM. When a defender executes a command to revoke access—such as deleting an access key, attaching a deny-all policy, or deleting an IAM role—that change is not instantly visible across the entire AWS global infrastructure. In tests conducted by OffensAI, this propagation delay consistently averages between 3 to 4 seconds. During this brief interval, the compromised credentials continue to function as if no action had been taken.

An automated adversary can operate within this window faster than any human defender. The moment a defender initiates a containment action, the attacker, using a pre-configured script, can immediately query the identity’s status. Upon detecting the deletion of an access key or the attachment of a deny policy, the attacker can instantly create a new access key, attach a new administrative policy, or assume a different role with elevated privileges. The containment action is not just evaded; it is actively reversed within seconds. This renders traditional “revoke and delete” playbooks completely ineffective against a determined, automated threat actor.

Step‑by‑step guide for attackers (for defensive understanding):

  1. Establish Persistence: Gain initial access to an IAM user or role with moderate privileges.
  2. Automate Monitoring: Deploy a continuous loop script that queries the IAM identity’s status every second using commands like aws iam list-access-keys --user-name compromised_user.
  3. Detect Defensive Action: The script detects that an access key has been deleted or a deny policy has been attached.
  4. Surgically Reverse: Within the 3–4 second window, the script executes a counter-action, such as `aws iam create-access-key –user-name compromised_user` to generate a new valid key.
  5. Maintain Persistence: The attacker now has a new, valid credential set, and the defender’s containment action has been completely nullified.

  6. The `notyet` Tool: A Blue Team’s Playbook Stress-Test

To combat this threat, security researcher Eduard Agavriloae developed notyet, a fourth-generation open-source offensive security cloud tool designed specifically to test AWS containment procedures. Unlike theoretical research, `notyet` provides a practical, automated dashboard that blue teams can use to get immediate, empirical feedback on their incident response playbooks. The tool answers a single, critical question: “Was the identity actually contained?”

`notyet` automates the entire process of revoking identity-based incident response procedures. It allows a red teamer or a security engineer to simulate an attacker who is actively and intelligently countering containment actions. For blue teams, running `notyet` against their own playbooks in a controlled environment reveals the real-world efficacy of their response plans. It highlights the exact second where a containment action fails due to the eventual consistency gap, exposing the blind spots in procedures that rely solely on IAM mutations for containment.

Using `notyet` to test your environment (Defensive Validation):

  • Step 1: Setup. Deploy `notyet` from its official repository (link in the original post) in a dedicated, non-production AWS testing account.
  • Step 2: Configure a Compromised Identity. Create a sacrificial IAM user or role that will act as the “compromised” entity.
  • Step 3: Run the Tool. Execute `notyet` against this identity, instructing it to monitor for and automatically reverse any containment actions.
  • Step 4: Execute Your Playbook. Run your standard incident response playbook to contain the compromised identity (e.g., delete keys, attach deny policy).
  • Step 5: Analyze the Dashboard. Review the `notyet` UI dashboard to see if your containment actions succeeded or were reversed within the consistency window.

3. Linux/Windows Commands for IAM Post-Exploitation & Detection

Understanding how an attacker operates requires knowing the specific commands they use. These commands are typically executed from a Linux terminal with the AWS CLI installed and configured with the compromised credentials.

Attacker’s Arsenal (Linux/macOS):

 Enumerate the compromised identity's privileges
aws iam list-attached-user-policies --user-name compromised_user
aws iam list-access-keys --user-name compromised_user
aws sts get-caller-identity

Create a new access key within the consistency window
aws iam create-access-key --user-name compromised_user

Attach an administrative policy before the deny policy propagates
aws iam attach-user-policy --user-name compromised_user --policy-arn arn:aws:iam::aws:policy/AdministratorAccess

Assume a role in a different account for persistence
aws sts assume-role --role-arn "arn:aws:iam::TARGET_ACCOUNT_ID:role/CompromisedRole" --role-session-name "PersistenceSession"

Defender’s Detection (CloudTrail & GuardDuty):

Blue teams must hunt for the rapid succession of events indicative of this attack. Key CloudTrail events to monitor include `DeleteAccessKey` followed within seconds by `CreateAccessKey` for the same user, or `AttachUserPolicy` with a deny policy followed by `DetachUserPolicy` or a second `AttachUserPolicy` with an admin policy. Use the following AWS CLI command to query CloudTrail logs for these patterns:

aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=CreateAccessKey --start-time "2025-04-08T00:00:00Z" --end-time "2025-04-08T23:59:59Z"

4. The Fatal Flaw of Identity-Based Deny Policies

The most common incident response recommendation is to attach a deny-all policy, such as AWSCompromisedKeyQuarantine, to a compromised IAM principal. However, this strategy is fundamentally broken when faced with an attacker who exploits eventual consistency. The policy itself is subject to the same propagation delay as any other IAM change. During the 3–4 seconds it takes for the policy to become effective, the attacker can detect the new policy attachment via a simple `aws iam list-attached-user-policies` call and immediately detach it.

This creates a race condition that the automated attacker always wins. The defender initiates the action, and the attacker, monitoring every second, reverses it before the defender’s action is globally consistent. This is not a theoretical edge case; it is a deterministic outcome of the system’s architecture.

Hardening against this flaw:

  • Avoid Reliance on IAM Mutations: Do not depend solely on modifying the compromised identity’s IAM policy or keys for containment.
  • Implement Resource-Based Controls: Use Network ACLs, Security Groups, or VPC Endpoint policies to block traffic from the compromised principal at the resource layer, as these controls often have different consistency models.
  • Leverage Session Revocation: Use the `aws iam create-role-revocation` command, which invalidates all role sessions created before a specific timestamp, providing a more immediate and non-reversible containment action for role-based access.
  1. The Only Reliable Mitigation: Service Control Policies (SCPs)

Given the inherent weakness of identity-based containment, the only consistently reliable mitigation against this exploitation of eventual consistency is the use of Service Control Policies (SCPs) at the AWS Organizations level. SCPs are applied to entire accounts or organizational units and are enforced at the boundary of the account, before any IAM policy is evaluated. Crucially, a compromised IAM principal within an account cannot alter or remove an SCP applied from above.

When an incident is detected, the defender can apply a restrictive SCP to the affected account, denying all actions or specific high-risk API calls for all principals within it. While SCPs also have a propagation delay, an attacker within the account has no ability to remove or bypass them. This makes SCPs a true “break glass” containment measure that the attacker cannot reverse from their compromised context.

Step‑by‑step guide for SCP-based containment:

  1. Navigate to AWS Organizations in the management account.
  2. Create a new SCP with a deny effect for all actions ("Action": "").
  3. Attach the SCP to the organizational unit or specific AWS account containing the compromised identity.
  4. Verify the impact: The compromised principal will be locked out of all actions as soon as the SCP propagates, and critically, the attacker cannot detach the SCP.
  5. Rotate all credentials in the affected account from a trusted, break-glass administrator session before removing the SCP.

  6. API Security and Cloud Hardening in the Eventual Consistency Era

This research has profound implications for API security and cloud hardening. Traditional security models assumed that a successful API call to delete a key or attach a policy meant that action was instantaneous and final. The reality of distributed systems is far messier. Security architects must now design controls that are resilient to a multi-second window of inconsistency.

This means moving away from “eventual” controls to “immediate” ones wherever possible. For API security, implement gateway-level rate limiting and anomaly detection that can block suspicious sequences of calls (e.g., a delete followed immediately by a create) based on real-time heuristics rather than relying on the state of IAM policies. For cloud hardening, implement a defense-in-depth strategy that uses overlapping controls: identity-based (quick but reversible), resource-based (slower but more robust), and organizational (SCPs: slow but irreversible). No single control is sufficient; only their combination can cover the gaps introduced by eventual consistency.

7. AI-Powered Red Team Automation: The OffensAI Approach

The development of `notyet` is part of a broader trend toward AI-powered red team automation. OffensAI’s research demonstrates that manual incident response is no longer viable against automated adversaries. The 3–4 second window is an eternity for a script but a blink of an eye for a human defender. Therefore, defensive playbooks must themselves be automated to react at machine speed.

Blue teams must adopt AI-driven security orchestration, automation, and response (SOAR) platforms that can detect an attack, execute a containment playbook, and verify its success within milliseconds. Tools like `notyet` serve as an essential validation framework for these automated systems. By stress-testing your automated playbooks against a tool designed to defeat them, you can identify and remediate logic flaws and timing dependencies before a real attacker exploits them.

What Undercode Say:

  • Eventual consistency is not just a theoretical concern; it is a practical attack surface. Security teams must treat the 3–4 second propagation delay as a critical vulnerability in their incident response plans and build compensating controls around it.
  • SCPs are the ultimate “break glass” mechanism. When an IAM compromise is suspected, an organization-level SCP is the only containment action that a compromised principal cannot counterattack or reverse. All incident response playbooks should prioritize SCP application over identity-based mutations.
  • Defensive automation must match offensive automation. A human clicking buttons in the AWS console will never defeat a script that reacts in milliseconds. The future of cloud IR lies in machine-speed, AI-driven SOAR platforms that can automatically detect, contain, and verify actions faster than an attacker can counter them.

Prediction:

The disclosure of this attack vector will force AWS and other cloud providers to re-architect their IAM consistency models, potentially introducing new strongly consistent APIs for security-critical operations. In the near term, we will see a surge in third-party tools that monitor for and block “race condition” attack patterns in real-time, as well as a fundamental shift in cloud IR playbooks away from identity-based actions and toward organizational and resource-based controls. Organizations that fail to adapt will remain vulnerable to adversaries who have already automated the exploitation of this architectural flaw.

▶️ Related Video (80% Match):

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Eduard K – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky

Related Posts: