C-OIDC-TRUST-MISCONFInitial Access

Cloud OIDC Trust Misconfiguration

An AWS IAM role / GCP workload-identity trusts GitHub OIDC with overly-broad subject (e.g. wildcard repo) — any attacker repo gets the role.

§ Where this technique fits

C-OIDC-TRUST-MISCONF is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

GitHub OIDC trust over-broad → AWS admin
An IAM role trusts GitHub Actions OIDC with a wildcard 'repo:*' subject. Any attacker GitHub repo can assume the role and run with its privileges.
step 2 / 6

§ What commonly comes next

01
Supply Chain Compromise
T1195 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

GitHub OIDC trust over-broad → AWS admin

§ What commonly comes next