Tag: IAM

GCP Service Account Key Sprawl: Managing the Credentials You Forgot Existed

GCP service account keys that are never rotated are effectively permanent credentials — every key that exists is an attack surface that should ideally not exist.

April 9, 2026
AWS IAM Privilege Escalation: The Paths Attackers Actually Use

IAM privilege escalation in AWS rarely requires compromising an admin account — over 20 documented paths allow escalation from low-privilege users through policy misconfiguration.

February 12, 2026

GCP Service Account Key Sprawl: Managing the Credentials You Forgot Existed