AWS ChangePassword
Allows an IAM user to change their own AWS Management Console login password.
T1531: Account Access Removal
T1531: Account Access Removal
Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials, revoked permissions for SaaS platforms such as Sharepoint) to remove access to accounts.
View on MITRE ATT&CK →AWS DeleteAccessKey
Permanently deletes an IAM user's access key, revoking the associated programmatic access credentials.
AWS DeleteLoginProfile
Removes an IAM user's console password, preventing them from signing in to the AWS Management Console.
AWS DeleteUser
Permanently deletes an IAM user; all attached policies, group memberships, and keys must be removed first.
GCP google.iam.admin.v1.DeleteServiceAccount
Deletes a service account, disrupting workloads and applications that depend on it for authentication.
Azure Microsoft.Authorization/roleAssignments/delete
Deletes a role assignment, removing access for legitimate users and disrupting operations.
Azure Microsoft.Storage/storageAccounts/regenerateKey/action
Regenerates one of the two access keys for an Azure Storage account, invalidating the previous key.
AWS UpdateLoginProfile
Updates the console login password for an IAM user.