A new free open source tool named SkyArk, has been created and released today by the cybersecurity firm CyberArk. SkyArk is designed to detect shadow admin accounts in cloud environments, such as Amazon Web Services (AWS ) and Microsoft Azure.
The descriptor “Shadow Administrator Accounts” refers to low level accounts which are created with basic permission sets that, when combined, may grant the user broader or higher levels of permission. Shadow admin accounts may also be created accidentally when cloud environments are integrated with on premise assets. These accounts can be difficult to discover. Malicious actors seek to abuse shadow admin privileges for stealth operations or theft.
SkyArk has AWStealth and AzureStealth components which can analyze entire lists of AWS or Azure accounts and the permissions assigned to each user. For more information on the SkyArk security project, please see: https://github.com/cyberark/SkyArk.