This article is great! Need to add some of the techniques from this into Hacking the Cloud. I'm kind of amazed! I think this is the first intelligent AWS threat actor I've ever seen! That enumeration technique was on my backlog and they did it first!!

Be sure to credit @NoamDahan with pointing out my mistake on iam:SimulatePrincipalPolicy technique when I share on socials.