Permiso Security has launched SkyScalpel, a new open-source tool designed to enhance detection of policy obfuscation in cloud environments, particularly focusing on JSON-based policies within Amazon Web Services Identity and Access Management systems, reports SiliconAngle.
SkyScalpel aims to help security teams identify policies altered by threat actors to obscure permissions and evade detection. Such obfuscations, which modify policy syntax or semantics, allow unauthorized actions and access to resources that are difficult to trace with traditional tools.
SkyScalpel uses a custom tokenizer to scan, analyze, and decode obfuscated policies, revealing underlying values while preserving original inputs for reference. This function enables security teams to detect and correct potential vulnerabilities in their cloud policies efficiently. For red teams, the tool includes an obfuscation suite that can automate multi-layer obfuscation of JSON documents, further testing cloud defenses against advanced evasive techniques. Permiso recently raised $39.1 million and released the Universal Identity Graph, which offers identity security posture management and identity threat detection capabilities.
