Scribd Logo
Upload

Welcome to Scribd!

  • 66 views

    Cloud Security Attacks

    Uploaded by

    Harsh Anand
    The document lists various cloud security attacks and vulnerabilities against AWS and Azure cloud platforms. It provides links to research on privilege escalation techniques, exploiting misconfigurations, stealing credentials, abusing services and bypassing authentication. It also includes sections on penetration testing methodologies and security tools for assessing AWS and Azure environments.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Cloud Security Attacks

    Uploaded by

    Harsh Anand
    66 views7 pages
    The document lists various cloud security attacks and vulnerabilities against AWS and Azure cloud platforms. It provides links to research on privilege escalation techniques, exploiting misconfigurations, stealing credentials, abusing services and bypassing authentication. It also includes sections on penetration testing methodologies and security tools for assessing AWS and Azure environments.

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document lists various cloud security attacks and vulnerabilities against AWS and Azure cloud platforms. It provides links to research on privilege escalation techniques, exploiting misconfigurations, stealing credentials, abusing services and bypassing authentication. It also includes sections on penetration testing methodologies and security tools for assessing AWS and Azure environments.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    66 views7 pages

    Cloud Security Attacks

    Uploaded by

    Harsh Anand
    The document lists various cloud security attacks and vulnerabilities against AWS and Azure cloud platforms. It provides links to research on privilege escalation techniques, exploiting misconfigurations, stealing credentials, abusing services and bypassing authentication. It also includes sections on penetration testing methodologies and security tools for assessing AWS and Azure environments.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 7

    Cloud Security - Attacks

    AWS

    Privilege Escalation to SYSTEM in AWS VPN Client


    https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/

    AWS WorkSpaces Remote Code Execution


    https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/

    Resource Injection in CloudFormation Templates


    https://rhinosecuritylabs.com/aws/cloud-malware-cloudformation-injection/

    Downloading and Exploring AWS EBS Snapshots


    https://rhinosecuritylabs.com/aws/exploring-aws-ebs-snapshots/

    CloudGoat ECS_EFS_Attack Walkthrough


    https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-ecs_efs_attack/

    GKE Kubelet TLS Bootstrap Privilege Escalation


    https://rhinosecuritylabs.com/cloud-security/kubelet-tls-bootstrap-privilege-escalation/

    Weaponizing AWS ECS Task Definitions to Steal Credentials From Running


    Containers
    https://rhinosecuritylabs.com/aws/weaponizing-ecs-task-definitions-steal-credentials-
    running-containers/

    CloudGoat AWS Scenario Walkthrough: “EC2_SSRF”


    https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-scenario-ec2_ssrf/

    Pillaging AWS ECS Task Definitions for Hardcoded Secrets


    https://rhinosecuritylabs.com/aws/pillaging-ecs-task-definitions-two-new-pacu-modules/

    Abusing VPC Traffic Mirroring in AWS


    https://rhinosecuritylabs.com/aws/abusing-vpc-traffic-mirroring-in-aws/

    Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)
    https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/

    Bypassing IP Based Blocking with AWS API Gateway


    https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/

    Phishing Users with MFA on AWS


    https://rhinosecuritylabs.com/aws/mfa-phishing-on-aws/

    AWS IAM Privilege Escalation – Methods and Mitigation


    https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/

    Penetration Testing AWS Storage: Kicking the S3 Bucket


    https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/

    Cloud Security Risks (P2): CSV Injection in AWS CloudTrail


    https://rhinosecuritylabs.com/aws/cloud-security-csv-injection-aws-cloudtrail/

    Amazon’s AWS Misconfiguration: Arbitrary Files Upload in Amazon Go


    https://rhinosecuritylabs.com/aws/amazon-aws-misconfiguration-amazon-go/

    Privilege Escalation Attack : Attacking AWS IAM permission


    misconfigurations
    https://payatu.com/blog/mayank.arora/iam_privilege_escalation_attack

    IAM Vulnerable - An AWS IAM Privilege Escalation Playground


    https://bishopfox.com/blog/aws-iam-privilege-escalation-playground
    Escalator to the Cloud: 5 Privesc Attack Vectors in AWS
    https://bishopfox.com/blog/5-privesc-attack-vectors-in-aws

    Vulnerable AWS Lambda function – Initial access in cloud attacks


    https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/

    Inside a Privilege Escalation Attack via Amazon Web Services’ EC2


    https://thenewstack.io/inside-a-privilege-escalation-attack-via-amazon-web-services-ec2/

    AWS Attacks
    https://pentestbook.six2dez.com/enumeration/cloud/aws

    AWS Shadow Admin


    https://www.admin-magazine.com/Archive/2021/63/Shadow-admin-permissions-and-your-
    AWS-account

    Gaining AWS Console Access via API Keys


    https://www.netspi.com/blog/technical/gaining-aws-console-access-via-api-keys/

    Automate AWS AMI Creation For EC2 And Copy to Other Region
    https://dheeraj3choudhary.com/automate-aws-ami-creation-for-ec2-and-copy-to-other-
    region-or-disaster-recovery

    Instance Connect - Push an SSH key to EC2 instance


    https://cloudonaut.io/connect-to-your-ec2-instance-using-ssh-the-modern-way/

    Golden SAML Attack


    https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-
    attack-technique-forges-authentication-to-cloud-apps
    https://blog.sygnia.co/detection-and-hunting-of-golden-saml-attack

    Stealing hashes from Domain Controllers in the Cloud


    https://medium.com/@StaticFlow/cloudcopy-stealing-hashes-from-domain-controllers-in-
    the-cloud-c55747f0913

    AWS PenTest Methodology


    https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%2
    0Resources/Cloud%20-%20AWS%20Pentest.md

    CloudGoat Official Walkthrough Series: “rce_web_app”


    https://rhinosecuritylabs.com/aws/cloudgoat-walkthrough-rce_web_app/

    Azure

    GKE Kubelet TLS Bootstrap Privilege Escalation


    https://rhinosecuritylabs.com/cloud-security/kubelet-tls-bootstrap-privilege-escalation/

    Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability


    https://rhinosecuritylabs.com/azure/cloud-security-risks-part-1-azure-csv-injection-
    vulnerability/

    Security for SaaS Companies: Leveraging Infosec for Business Value


    https://rhinosecuritylabs.com/cloud-security/security-saas-companies-leveraging-infosec-
    business-value/

    Common Azure Security Vulnerabilities and Misconfigurations


    https://rhinosecuritylabs.com/cloud-security/common-azure-security-vulnerabilities/

    Enumerate valid emails


    https://zigmax.net/enumerate-valid-emails-accounts%EF%BF%BC/

    Enumerate Azure Subdomains


    https://www.netspi.com/blog/technical/cloud-penetration-testing/enumerating-azure-
    services/
    https://m0chan.github.io/2019/12/16/Subdomain-Takeover-Azure-CDN.html

    Azure Attacks
    https://pentestbook.six2dez.com/enumeration/cloud/azure

    Azure Active Directory Account Enumeration


    https://helloitsliam.com/2021/11/18/azure-active-directory-account-enumeration/

    Abusing Microsoft’s Azure domains to host phishing attacks


    https://www.zscaler.fr/blogs/security-research/abusing-microsofts-azure-domains-host-
    phishing-attacks

    Defending against the EvilGinx2 MFA Bypass


    https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad/defending-against-the-
    evilginx2-mfa-bypass/m-p/501719
    https://thecloudtechnologist.com/2019/04/29/defending-against-evilginx2-in-office-365/

    Introduction To 365-Stealer - Understanding and Executing the Illicit


    Consent Grant Attack
    https://www.alteredsecurity.com/post/introduction-to-365-stealer
    https://www.cloud-architekt.net/detection-and-mitigation-consent-grant-attacks-azuread/

    Azure AD Password spray; from attack to detection (and prevention).


    https://derkvanderwoude.medium.com/password-spray-from-attack-to-detection-and-
    prevention-87c48cede0c0
    https://jeffreyappel.nl/protecting-against-password-spray-attacks-with-azure-sentinel-
    and-azure-ad/

    LATERAL MOVEMENT TO THE CLOUD WITH PASS-THE-PRT


    https://stealthbits.com/blog/lateral-movement-to-the-cloud-pass-the-prt/
    https://derkvanderwoude.medium.com/pass-the-prt-attack-and-detection-by-microsoft-
    defender-for-afd7dbe83c94

    Azure AD Pass The Certificate


    https://medium.com/@mor2464/azure-ad-pass-the-certificate-d0c5de624597

    How to SSH into specific Azure Web App instance


    https://codez.deedx.cz/posts/how-to-ssh-into-web-app-instance/

    Attacking Azure, Azure AD, and Introducing PowerZure


    https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-
    ca70b330511a

    Undetected Azure Active Directory Brute-Force Attacks


    https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-
    attacks

    How Azure AD Could Be Vulnerable to Brute-Force and DOS Attacks


    https://medium.com/hackernoon/azure-brute-farce-17e27dc05f85

    How to bypass MFA in Azure and O365


    https://secwise.be/how-to-bypass-mfa-in-azure-and-o365-part-1/

    AWS Security Tools

    https://github.com/toniblyx/my-arsenal-of-aws-security-tools

    https://github.com/blackbotsecurity/AWS-Attack

    https://github.com/awslabs/aws-cloudsaga

    https://github.com/awslabs/aws-support-tools

    https://github.com/0xVariable/AWS-Security-Tools

    https://cybersecurityup.github.io/awstrm/index.html

    https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/AWS.md

    https://github.com/RhinoSecurityLabs/cloudgoat

    Azure Security Tools

    https://github.com/NetSPI/MicroBurst/blob/master/Misc/Invoke-EnumerateAzureBlobs.ps1

    https://microsoft.github.io/Azure-Threat-Research-Matrix/
    https://github.com/Cloud-Architekt/AzureAD-Attack-Defense

    https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/Azure.md

    https://github.com/Kyuu-Ji/Awesome-Azure-Pentest/blob/main/README.md

    https://github.com/ine-labs/AzureGoat

    https://github.com/kmcquade/awesome-azure-security

    https://github.com/nccgroup/azucar

    You might also like