C-SECRETS-MANAGER-DUMPCredential Access

Secrets Manager / Key Vault Dump

GetSecretValue / KeyVault.GetSecrets / SecretManager.AccessSecretVersion — abuse over-permissive IAM to dump every secret.

§ Where this technique fits

C-SECRETS-MANAGER-DUMP is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 5 on average.

§ Dossiers chaining this technique

GitHub OIDC trust over-broad → AWS admin
An IAM role trusts GitHub Actions OIDC with a wildcard 'repo:*' subject. Any attacker GitHub repo can assume the role and run with its privileges.
step 5 / 6

§ What commonly comes next

01
AWS IAM Backdoor User / Access Key
C-AWS-IAM-BACKDOOR · Persistence
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

GitHub OIDC trust over-broad → AWS admin

§ What commonly comes next