Personal compilation of cloud-related pentesting/cloud security links and resources. Feel free to add.
Common Technologies
Some of the many cloud providers.
- AWS
- GCP
- Azure
- Kubernetes
- IBM
- Digital Ocean
Repos, links, etc
A compilation of compilations
https://github.com/dafthack/CloudPentestCheatsheets
https://github.com/TROUBLE-1/Cloud-Pentesting
https://github.com/vengatesh-nagarajan/Cloud-pentest
https://github.com/kh4sh3i/cloud-penetration-testing
Other general, non-technology specific resources
https://pentestbook.six2dez.com/enumeration/cloud
https://cloud.hacktricks.xyz/welcome/readme
https://bishopfox.com/blog/cloud-pen-testing-tools
https://medium.com/@mancusomjm/aws-azure-google-cloud-penetration-testing-resources-ca4b2bf1a4a6
https://github.com/jassics/security-study-plan
Cloud lab platform with multiple providers
Resources, tools, and labs for specific cloud providers
AWS Resources, Tools, and Labs
https://pentestbook.six2dez.com/enumeration/cloud/aws
https://www.hackthebox.com/blog/aws-pentesting-guide
https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-cloud-need-know/
https://infosecwriteups.com/deep-dive-into-aws-penetration-testing-a99192a26898
https://cybertalents.com/blog/aws-penetration-testing-what-you-need-to-know
https://github.com/pop3ret/AWSome-Pentesting/blob/main/AWSome-Pentesting-Cheatsheet.md
https://github.com/CyberSecArmy/AWS-Offensive-Exploitation---Pentesting
https://github.com/rootcathacking/cloudcat/blob/main/aws_cli.md
https://github.com/NickTheSecurityDude/AWS-Pentesting-Notes
https://github.com/0xdeadpool/AWS-Essentails-for-Pentest
https://github.com/sebastian-mora/AWS-Loot
https://github.com/DavidDikker/endgame
https://github.com/gwen001/s3-buckets-finder
https://github.com/Ebryx/S3Rec0n
https://github.com/RhinoSecurityLabs/pacu
https://github.com/BishopFox/cloudfox
https://github.com/carnal0wnage/weirdAAL
https://github.com/ajinabraham/aws_security_tools
https://cloud.hacktricks.xyz/pentesting-cloud/aws-security
https://github.com/juanjoSanz/aws-pentesting-lab
https://github.com/torque59/AWS-Vulnerable-Lambda
https://github.com/stafordtituss/HazProne
https://gainsec.com/2020/08/03/complete-cloudgoat-setup-guide/
https://github.com/applied-network-security/aws-pentesting-lab
https://github.com/marcosValle/auto-pentest-lab
- Major topics to know:
  - IAM Policies
  - S3 Buckets
  - EC2 Instances
  - Lambda functions & API endpoints
  - VPC
  - Group and Managed policies
  - Find ssh keys --> use 'aws s3 cp' to get ssh key
  - SSRF
  - RCE
  - instance-profile-attachment
    - With low or insufficient privileges but this permission, you can create a new EC2 instance with higher privileges that can be further exploited
- Make AWS account
- Go to IAM and create a user or users and group(s) with the proper permissions/policies. This depends on the lab, but for CloudGoat these work: AdministratorAccess, AmazonRDSFullAccess, IAMFullAccess, AmazonS3FullAccess, CloudWatchFullAccess, AmazonDynamoDBFullAccess
- Go to S3 and ensure you can create buckets
- Configure your AWS account locally with the AWS CLI, using the account ID, secret, and region that you obtained when creating the IAM roles
- It may be necessary to enable ACLs, which can be done through the S3 bucket permissions
Azure Resources, Tools, and Labs
https://pentestbook.six2dez.com/enumeration/cloud/azure
https://github.com/CMEPW/azure-mindmap
https://cloud.hacktricks.xyz/pentesting-cloud/azure-security
https://github.com/Kyuu-Ji/Awesome-Azure-Pentest
https://www.cobalt.io/blog/azure-ad-pentesting-fundamentals
https://www.getastra.com/blog/security-audit/azure-penetration-testing/
https://github.com/mburrough/pentestingazureapps
https://github.com/badchars/AzureAD-Pentest
https://github.com/sabrinalupsan/pentesting-azure-ad
https://github.com/ZephrFish/AzureAttackKit
https://github.com/AlteredSecurity/365-Stealer
https://github.com/optionalCTF/SSOh-No
https://github.com/CasperGN/MFASweep.py
https://github.com/nyxgeek/onedrive_user_enum
https://github.com/esell/azure-sec-lab
https://github.com/uc-cyberclub/azure-pentesting-lab-tf
- Things to look for:
  - Blobs
  - AFR
  - Leaked Tokens/Credentials
  - Authentication and password attacks - spraying oauth
GCP Resources
https://pentestbook.six2dez.com/enumeration/cloud/gcp
https://cloud.hacktricks.xyz/pentesting-cloud/gcp-security
Kubernetes Resources, Labs, Tools
https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security
https://pentestbook.six2dez.com/enumeration/cloud/docker-and-and-kubernetes
https://github.com/SunWeb3Sec/Kubernetes-security
https://github.com/jarvarbin/Kubernetes-Pentesting
https://github.com/magnologan/awesome-k8s-security
https://hannahsuarez.github.io/2019/pentesting-kubernetes/
https://gitlab.com/pentest-tools/PayloadsAllTheThings/-/tree/master/Kubernetes
https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-1
https://lobuhisec.medium.com/kubernetes-pentest-recon-checklist-tools-and-resources-30d8e4b69463
https://hacktricks.boitatech.com.br/pentesting/pentesting-kubernetes
https://securitycafe.ro/2023/02/27/a-complete-kubernetes-config-review-methodology/
https://github.com/ksoclabs/awesome-kubernetes-security
https://github.com/g3rzi/HackingKubernetes
https://reconshell.com/kubernetes-security-checklist/ - These two are more about configuration, but you've got to know how to build it to know how to break it
https://github.com/madhuakula/hacker-container
https://github.com/quarkslab/kdigger
https://github.com/aquasecurity/kube-hunter/
https://github.com/inguardians/peirates
https://github.com/collabnix/kubetools
https://github.com/4ARMED/kubeletmein
https://github.com/cdk-team/CDK
https://github.com/madhuakula/kubernetes-goat
https://github.com/nabilblk/k8s-security
Things to know:
- Clusters
- RBAC
- Service Tokens & Secrets
- Pods
- Endpoints & API
Lab compilations:
https://github.com/iknowjason/Awesome-CloudSec-Labs
https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training
https://github.com/appsecco/attacking-cloudgoat2
https://rhinosecuritylabs.com/aws/cloudgoat-walkthrough-rce_web_app/
Other tools that don't quite fit in a specific provider section or are applicable to all/multiple
https://github.com/nccgroup/ScoutSuite
https://github.com/iknowjason/edge
https://github.com/0xsha/CloudBrute
https://github.com/Macmod/STARS
https://github.com/Zeus-Labs/ZeusCloud
https://github.com/rams3sh/Aaia
https://github.com/RhinoSecurityLabs/ccat
https://github.com/404tk/cloudtoolkit
https://github.com/lord-alfred/ipranges
C2 framework
https://github.com/gl4ssesbo1/Nebula