Azure Add Federated Identity Credential
Adds a federated identity credential to an application, enabling secretless persistent access via workload identity federation.
T1098.001: Additional Cloud Credentials
T1098.001: Additional Cloud Credentials
Adversaries may add adversary-controlled credentials to a cloud account to maintain persistent access to victim accounts and instances within the environment. For example, adversaries may add credentials for Service Principals and Applications in addition to existing legitimate credentials in Azu...
View on MITRE ATT&CK →AWS CreateAccessKey
Creates a new long-term access key for an IAM user, enabling programmatic access to AWS services.
GCP google.iam.admin.v1.CreateServiceAccountKey
Creates a new key for a GCP service account, producing a JSON credentials file for programmatic authentication. This is the admin activity audit log format; see also iam.serviceAccountKeys.create for the data access format.
GCP google.iam.admin.v1.UploadServiceAccountKey
Uploads an external key to a service account, enabling persistent access that survives credential rotation.
GCP iam.serviceAccountKeys.create
Creates a new key for a GCP service account, generating credentials for external services to authenticate as the account. This is the data access audit log format; see also google.iam.admin.v1.CreateServiceAccountKey for the admin activity format.
Azure Microsoft.Directory/servicePrincipals/credentials/update
Adds or updates credentials (client secrets or certificates) for an Entra ID service principal.
GCP storage.hmacKeys.create
Creates HMAC keys for S3-compatible access to Cloud Storage, providing a persistent access mechanism often missed by defenders.
AWS UpdateAccessKey
Changes the status of an IAM user's access key between Active and Inactive.