Update README to specify Airflow DAG permissions

AI-redteam · web-flow · commit 3f8aa12ce933 · 2025-10-23T16:26:48.000-05:00
Clarified that all Airflow DAGs run with the execution role's permissions.
diff --git a/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-mwaa-post-exploitation/README.md b/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-mwaa-post-exploitation/README.md
@@ -27,7 +27,7 @@ Documentation Verifying Vuln and Acknowledging Vectorr: [AWS Documentation](http
 
 ## Exploitation
 
-All DAGs run with the execution role's permissions. DAGs are Python scripts that can execute arbitrary code - they can use `yum` or `curl` to install tools, download malicious scripts, or import any Python library. DAGs are pulled from an assigned S3 folder and run on schedule automatically, all an attacker needs is ability to PUT to that bucket path.
+All Airflow DAGs run with the execution role's permissions. DAGs are Python scripts that can execute arbitrary code - they can use `yum` or `curl` to install tools, download malicious scripts, or import any Python library. DAGs are pulled from an assigned S3 folder and run on schedule automatically, all an attacker needs is ability to PUT to that bucket path.
 
 Anyone who can write DAGs (typically most users in MWAA environments) can abuse this permission:
 
