What starting position does this attack require?

The first step is Push a public repo with a GH Actions workflow (T1195) — a initial access primitive. Assumed environment: target uses GitHub OIDC for keyless AWS deploys.

What is the final impact of this kill-chain?

The final step lands on Spot wildcard sub claim (C-OIDC-TRUST-MISCONF), which falls under Initial Access. From here, an operator typically pivots into post-exploitation or maintains persistence.

How can defenders detect or prevent this attack?

Detection and prevention vary per step. Refer to each linked MITRE ATT&CK entry under "References" — every technique on that page lists defensive controls, detection telemetry, and known threat-actor usage.

← RegistryDossier · 6 steps · 5 edges

Approved

GitHub OIDC trust over-broad → AWS admin

An IAM role trusts GitHub Actions OIDC with a wildcard 'repo:*' subject. Any attacker GitHub repo can assume the role and run with its privileges.

Filed by AD Knowledge BasePublished 2026-05-26

§ Kill-chainDrag · zoom · scroll

Initial Access

Push a public repo with a GH Actions workflow

T1195 · Supply Chain Compromise

Reconnaissance

Find role ARN + trust policy

C-AWS-ACCT-ENUM · AWS Account ID Enumeration

Lateral Movement

Workflow obtains OIDC token + AssumeRoleWithWebIdentity

C-AWS-ASSUMEROLE-CHAIN · AWS sts:AssumeRole Chain

Persistence

Backdoor IAM user

C-AWS-IAM-BACKDOOR · AWS IAM Backdoor User / Access Key

Credential Access

Exfil AWS keys / cloud secrets

C-SECRETS-MANAGER-DUMP · Secrets Manager / Key Vault Dump

Initial Access

Spot wildcard sub claim

C-OIDC-TRUST-MISCONF · Cloud OIDC Trust Misconfiguration

§ Context

Assumed environment: target uses GitHub OIDC for keyless AWS deploys. The role's trust policy uses a wildcard token.actions.githubusercontent.com sub claim (or 'repo:org/*').

§ Steps

01
Push a public repo with a GH Actions workflowInitial Access
T1195— Supply Chain Compromise
02
Find role ARN + trust policyReconnaissance
C-AWS-ACCT-ENUM— AWS Account ID Enumeration
03
Workflow obtains OIDC token + AssumeRoleWithWebIdentityLateral Movement
C-AWS-ASSUMEROLE-CHAIN— AWS sts:AssumeRole Chain
04
Backdoor IAM userPersistence
C-AWS-IAM-BACKDOOR— AWS IAM Backdoor User / Access Key
05
Exfil AWS keys / cloud secretsCredential Access
C-SECRETS-MANAGER-DUMP— Secrets Manager / Key Vault Dump
06
Spot wildcard sub claimInitial Access
C-OIDC-TRUST-MISCONF— Cloud OIDC Trust Misconfiguration

§ References

T1195Supply Chain Compromise

§ Frequently asked

What is the "GitHub OIDC trust over-broad → AWS admin" attack path?: An IAM role trusts GitHub Actions OIDC with a wildcard 'repo:*' subject. Any attacker GitHub repo can assume the role and run with its privileges. It chains 6 steps drawn from real-world offensive-security techniques.
What starting position does this attack require?: The first step is Push a public repo with a GH Actions workflow (T1195) — a initial access primitive. Assumed environment: target uses GitHub OIDC for keyless AWS deploys.
What is the final impact of this kill-chain?: The final step lands on Spot wildcard sub claim (C-OIDC-TRUST-MISCONF), which falls under Initial Access. From here, an operator typically pivots into post-exploitation or maintains persistence.
How can defenders detect or prevent this attack?: Detection and prevention vary per step. Refer to each linked MITRE ATT&CK entry under "References" — every technique on that page lists defensive controls, detection telemetry, and known threat-actor usage.

GitHub OIDC trust over-broad → AWS admin

§ Context

§ Steps

§ References

§ Frequently asked

§ Related dossiers

pull_request_target injection → secrets → cloud takeover

SSRF → IMDS → AssumeRole chain → Org admin