📄️ ACL Privilege Escalation
Buckets where ACL grants (WRITEACP, READACP, FULL_CONTROL) enable attackers to modify permissions, enumerate access, or gain complete control -- even when the bucket policy looks clean.
📄️ ACL-Based Public Write
User upload bucket where ACL grants write to any authenticated AWS user. The bucket policy looks clean — policy-only scanners miss this entirely.
📄️ Data Governance and Lifecycle
Backup bucket missing data classification, lifecycle rules, MFA delete, versioning, and Public Access Block -- a cascade of governance failures that compounds risk.
📄️ HIPAA Multi-Violation
PHI (Protected Health Information) bucket with multiple HIPAA compliance failures: no encryption at rest, no transport encryption, no KMS key management, no access logging, no versioning, no object lock, and no Public Access Block.
📄️ Public Read via Bucket Policy
Internal analytics data exposed to the internet via Principal: "*" bucket policy with Public Access Block disabled.
📄️ Security Tool Bypass
Buckets that appear safe to tools relying on APIs the bucket policy denies, plus latent public read exposure masked only by Public Access Block.
📄️ Upload Policy Hardening
Signed upload policies that allow prefix-scoped keys or unrestricted content types, enabling object overwrite and stored XSS attacks.