Awesome-Cloud-PenTest
Cloud PenTest - AWS and Azure by Joas
What is AWS
Extra Resources
- https://www.sans.org/cyber-security-courses/cloud-penetration-testing/
- https://cloudacademy.com/course/aws-security-fundamentals/introduction-74/
- https://cobalt.io/blog/what-you-need-to-know-about-aws-pentesting
- https://gracefulsecurity.com/an-introduction-to-penetration-testing-aws-same-same-but-different/
- https://www.virtuesecurity.com/aws-penetration-testing-part-2-s3-iam-ec2/
- https://securityboulevard.com/2021/03/aws-penetration-testing-essential-guidance-for-2021/
- https://docs.microsoft.com/pt-br/azure/security/fundamentals/pen-testing
- https://gbhackers.com/cloud-computing-penetration-testing-checklist-important-considerations/
- https://www.linkedin.com/pulse/cloud-computing-penetration-testing-checklist-priya-james-ceh-1/
- https://www.happiestminds.com/blogs/tag/penetration-testing-checklist/
- https://blog.rsisecurity.com/how-to-conduct-cloud-penetration-testing/
- https://www.nettitude.com/uk/penetration-testing/cloud-service-testing/
- https://techbeacon.com/enterprise-it/pen-testing-cloud-based-apps-step-step-guide
- https://book.hacktricks.xyz/cloud-security/cloud-security-review
- https://medium.com/@jonathanchelmus/cloud-pentesting-for-noobs-da867d9c5ecb
- https://pt.slideshare.net/TeriRadichel/are-you-ready-for-a-cloud-pentest
- My ebook: https://drive.google.com/file/d/14rthHtAgbd--pWEmzmj4i5j59Rl6dLC1/view?usp=sharing
- https://hackerassociate.com/training-and-certification/ocpt-offensive-cloud-penetration-testing/
- https://hausec.com/2020/01/31/attacking-azure-azure-ad-and-introducing-powerzure/
- https://gracefulsecurity.com/an-introduction-to-pentesting-azure/
- https://rhinosecuritylabs.com/cloud-security/common-azure-security-vulnerabilities/
What is Azure
PenTest Policy
- https://docs.microsoft.com/en-us/azure/security/fundamentals/pen-testing
- https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement?rtc=1
PenTest in AWS
- Offensive Security
- https://github.com/toniblyx/my-arsenal-of-aws-security-tools
- https://rhinosecuritylabs.com/aws/aws-essentials-top-5-tests-penetration-testing-aws/
- https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/
- https://www.getastra.com/blog/security-audit/aws-penetration-testing/
- https://owasp.org/www-pdf-archive/Aws_security_joel_leino.pdf
- https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-cloud-need-know/
- https://github.com/PacktPublishing/Hands-On-AWS-Penetration-Testing-with-Kali-Linux
- https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training
AWS Security
- Defensive: Hardening, Security Assessment and Inventory
- https://github.com/toniblyx/my-arsenal-of-aws-security-tools
- https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-cis.html
PenTest in Azure
- Enumeration
- o365creeper - Enumerate valid email addresses
- CloudBrute - Tool to find a company's cloud infrastructure on the top cloud providers
- cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud
- Azucar - Security auditing tool for Azure environments
- CrowdStrike Reporting Tool for Azure (CRT) - Query Azure AD/O365 tenants for hard-to-find permissions and configuration settings
- ScoutSuite - Multi-cloud security auditing tool. Security posture assessment of different cloud environments.
- BlobHunter - A tool for scanning Azure blob storage accounts for publicly opened blobs
- Grayhat Warfare - Open Azure blobs and AWS bucket search
- Information Gathering
- o365recon - Information gathering with valid credentials to Azure
- Get-MsolRolesAndMembers.ps1 - Retrieve list of roles and associated role members
- ROADtools - Framework to interact with Azure AD
- PowerZure - PowerShell framework to assess Azure security
- Azurite - Enumeration and reconnaissance activities in the Microsoft Azure Cloud
- Sparrow.ps1 - Helps to detect possible compromised accounts and applications in the Azure/M365 environment
- Hawk - PowerShell-based tool for gathering information related to O365 intrusions and potential breaches
- Microsoft Azure AD Assessment - Tooling for assessing an Azure AD tenant state and configuration
- Lateral Movement
- Stormspotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects
- AzureADLateralMovement - Lateral Movement graph for Azure Active Directory
- SkyArk - Discover, assess and secure the most privileged entities in Azure and AWS
- Exploitation
- MicroBurst - A collection of scripts for assessing Microsoft Azure security
- azuread_decrypt_msol_v2.ps1 - Decrypt Azure AD MSOL service account
- Credential Attacks
- MSOLSpray - A password spraying tool for Microsoft Online accounts (Azure/O365)
- MFASweep - A tool for checking if MFA is enabled on multiple Microsoft Services Resources
- adconnectdump - Dump Azure AD Connect credentials for Azure AD and Active Directory
- Abusing Azure AD SSO with the Primary Refresh Token
- Abusing dynamic groups in Azure AD for Privilege Escalation
- Attacking Azure, Azure AD, and Introducing PowerZure
- Attacking Azure & Azure AD, Part II
- Azure AD Connect for Red Teamers
- Azure AD Introduction for Red Teamers
- Azure AD Pass The Certificate
- Azure AD privilege escalation - Taking over default application permissions as Application Admin
- Defense and Detection for Attacks Within Azure
- Hunting Azure Admins for Vertical Escalation
- Impersonating Office 365 Users With Mimikatz
- Lateral Movement from Azure to On-Prem AD
- Malicious Azure AD Application Registrations
- Moving laterally between Azure AD joined machines
- CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory
- Privilege Escalation Vulnerability in Azure Functions
- Azure Application Proxy C2
- Recovering Plaintext Passwords from Azure Virtual Machines like It’s the 1990s
- Azure Articles from NetSPI
- Azure Cheat Sheet on CloudSecDocs
- Resources about Azure from Cloudberry Engineering
- Resources from PayloadsAllTheThings
- Encyclopedia on Hacking the Cloud - (No content yet for Azure)
- azure-security-lab - Securing Azure Infrastructure - Hands on Lab Guide
- AzureSecurityLabs - Hands-on Security Labs focused on Azure IaaS Security
- Building Free Active Directory Lab in Azure