Cloud Security - Attacks
AWS
Privilege Escalation to SYSTEM in AWS VPN Client
AWS WorkSpaces Remote Code Execution
Resource Injection in CloudFormation Templates
Downloading and Exploring AWS EBS Snapshots
CloudGoat ECS_EFS_Attack Walkthrough
GKE Kubelet TLS Bootstrap Privilege Escalation
Weaponizing AWS ECS Task Definitions to Steal Credentials From Running Containers
CloudGoat AWS Scenario Walkthrough: “EC2_SSRF”
Pillaging AWS ECS Task Definitions for Hardcoded Secrets
Abusing VPC Traffic Mirroring in AWS
Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)
Bypassing IP Based Blocking with AWS API Gateway
Phishing Users with MFA on AWS
AWS IAM Privilege Escalation – Methods and Mitigation
Penetration Testing AWS Storage: Kicking the S3 Bucket
Cloud Security Risks (P2): CSV Injection in AWS CloudTrail
Amazon’s AWS Misconfiguration: Arbitrary Files Upload in Amazon Go
Privilege Escalation Attack: Attacking AWS IAM permission misconfigurations
IAM Vulnerable - An AWS IAM Privilege Escalation Playground
Escalator to the Cloud: 5 Privesc Attack Vectors in AWS
Vulnerable AWS Lambda function – Initial access in cloud attacks
Inside a Privilege Escalation Attack via Amazon Web Services’ EC2
AWS Attacks
AWS Shadow Admin
Gaining AWS Console Access via API Keys
Automate AWS AMI Creation For EC2 And Copy to Other Region
Instance Connect - Push an SSH key to EC2 instance
Golden SAML Attack
- https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
- https://blog.sygnia.co/detection-and-hunting-of-golden-saml-attack
Stealing hashes from Domain Controllers in the Cloud
AWS PenTest Methodology
CloudGoat Official Walkthrough Series: “rce_web_app”
Azure
GKE Kubelet TLS Bootstrap Privilege Escalation
Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability
Security for SaaS Companies: Leveraging Infosec for Business Value
Common Azure Security Vulnerabilities and Misconfigurations
Enumerate valid emails
Enumerate Azure Subdomains
- https://www.netspi.com/blog/technical/cloud-penetration-testing/enumerating-azure-services/
- https://m0chan.github.io/2019/12/16/Subdomain-Takeover-Azure-CDN.html
Azure Attacks
Azure Active Directory Account Enumeration
Abusing Microsoft’s Azure domains to host phishing attacks
Defending against the EvilGinx2 MFA Bypass
- https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad/defending-against-the-evilginx2-mfa-bypass/m-p/501719
- https://thecloudtechnologist.com/2019/04/29/defending-against-evilginx2-in-office-365/
Introduction To 365-Stealer - Understanding and Executing the Illicit Consent Grant Attack
- https://www.alteredsecurity.com/post/introduction-to-365-stealer
- https://www.cloud-architekt.net/detection-and-mitigation-consent-grant-attacks-azuread/
Azure AD Password spray; from attack to detection (and prevention).
- https://derkvanderwoude.medium.com/password-spray-from-attack-to-detection-and-prevention-87c48cede0c0
- https://jeffreyappel.nl/protecting-against-password-spray-attacks-with-azure-sentinel-and-azure-ad/
LATERAL MOVEMENT TO THE CLOUD WITH PASS-THE-PRT
- https://stealthbits.com/blog/lateral-movement-to-the-cloud-pass-the-prt/
- https://derkvanderwoude.medium.com/pass-the-prt-attack-and-detection-by-microsoft-defender-for-afd7dbe83c94
Azure AD Pass The Certificate
How to SSH into specific Azure Web App instance
Attacking Azure, Azure AD, and Introducing PowerZure
Undetected Azure Active Directory Brute-Force Attacks
How Azure AD Could Be Vulnerable to Brute-Force and DOS Attacks
How to bypass MFA in Azure and O365
AWS Security Tools
- https://github.com/toniblyx/my-arsenal-of-aws-security-tools
- https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/AWS.md