T1666.A002: Leave AWS Organization
Source: aws-samples.github.io
Published:
<p>AWS Specific Content A prerequisite for this technique is that a threat actor has already gained access to the Management account within in AWS Organization as well as control of an AWS identity with the permissions to perform the actions in the Management account in the Event Name(s) section. Wi