Compilation of cloud-related pentesting/cloud security links and resources. Feel free to add.

Common Technologies Some of the many cloud providers.
- AWS - GCP - Azure - Kubernetes - IBM - Digital Ocean

---

• Cheatsheets and Compilations

  A compilation of compilations

https://github.com/dafthack/CloudPentestCheatsheets

https://github.com/TROUBLE-1/Cloud-Pentesting

https://github.com/vengatesh-nagarajan/Cloud-pentest

https://github.com/kh4sh3i/cloud-penetration-testing

• General Resources

  Other general, non-technology specific resources

https://pentestbook.six2dez.com/enumeration/cloud

https://cloud.hacktricks.xyz/welcome/readme

https://bishopfox.com/blog/cloud-pen-testing-tools

https://medium.com/@mancusomjm/aws-azure-google-cloud-penetration-testing-resources-ca4b2bf1a4a6

https://github.com/jassics/security-study-plan

• General Labs

  Cloud lab platform with multiple providers

https://pwnedlabs.io/

---

Technology Specifics

Resources, tools, and labs for specific cloud providers

• AWS

  Resources, Tools, and Labs

• • AWS: Resources

https://pentestbook.six2dez.com/enumeration/cloud/aws

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20AWS%20Pentest.md

https://www.hackthebox.com/blog/aws-pentesting-guide

https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-cloud-need-know/

https://infosecwriteups.com/deep-dive-into-aws-penetration-testing-a99192a26898

https://cybertalents.com/blog/aws-penetration-testing-what-you-need-to-know

https://github.com/pop3ret/AWSome-Pentesting/blob/main/AWSome-Pentesting-Cheatsheet.md

https://github.com/CyberSecArmy/AWS-Offensive-Exploitation---Pentesting

https://github.com/rootcathacking/cloudcat/blob/main/aws_cli.md

https://github.com/NickTheSecurityDude/AWS-Pentesting-Notes

https://github.com/0xdeadpool/AWS-Essentails-for-Pentest

• • AWS: Tools

https://github.com/sebastian-mora/AWS-Loot

https://github.com/DavidDikker/endgame

https://github.com/gwen001/s3-buckets-finder

https://github.com/Ebryx/S3Rec0n

https://github.com/RhinoSecurityLabs/pacu

https://github.com/BishopFox/cloudfox

https://github.com/carnal0wnage/weirdAAL

https://github.com/ajinabraham/aws_security_tools

• • AWS: Labs

https://cloud.hacktricks.xyz/pentesting-cloud/aws-security

https://github.com/juanjoSanz/aws-pentesting-lab

https://github.com/torque59/AWS-Vulnerable-Lambda

https://github.com/stafordtituss/HazProne

https://gainsec.com/2020/08/03/complete-cloudgoat-setup-guide/

https://github.com/applied-network-security/aws-pentesting-lab

https://github.com/marcosValle/auto-pentest-lab

• Major topics to know:
• IAM Policies
• S3 Buckets
• EC2 Instances
• lambda functions & API endpoints
• VPC
• Group and Managed policies

• Find ssh keys --> use 'aws s3 cp' to get ssh key
• SSRF
• RCE

• instance-profile-attachment

  • have low or insufficient privileges, but this permission - can create a new EC2 instance with higher privileges than can be further exploited
• • Setting up your first AWS lab - a high level overview:
  • Make AWS account
  • Go to IAM and create a user or users and group(s) with the proper permissions/policies - depends on the lab, but for cloudgoat these work: (AdministratorAccess, AmazonRDSFullAccess, IAMFullAccess, AmazonS3FullAccess, CloudWatchFullAccess, AmazonDynamoDBFullAcces)
  • Go to S3 and ensure you can create buckets
  • configure your AWS account locally with the aws cli, using the account ID, secret, and region that you obtained when creatng the IAM roles
  • It may be necessary to enable ACLs, which can be done through the S3 bucket permissions

---

• Azure

  Resources, Tools, and Labs

• Azure: Resources

https://pentestbook.six2dez.com/enumeration/cloud/azure

https://github.com/CMEPW/azure-mindmap

https://cloud.hacktricks.xyz/pentesting-cloud/azure-security

https://github.com/Kyuu-Ji/Awesome-Azure-Pentest

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md

https://www.cobalt.io/blog/azure-ad-pentesting-fundamentals

https://www.getastra.com/blog/security-audit/azure-penetration-testing/

https://github.com/mburrough/pentestingazureapps

https://github.com/badchars/AzureAD-Pentest

https://github.com/sabrinalupsan/pentesting-azure-ad

• • Azure: Tools

https://github.com/ZephrFish/AzureAttackKit

https://github.com/AlteredSecurity/365-Stealer

https://github.com/optionalCTF/SSOh-No

https://github.com/CasperGN/MFASweep.py

https://github.com/nyxgeek/onedrive_user_enum

• • Azure: Labs

https://github.com/esell/azure-sec-lab

https://github.com/uc-cyberclub/azure-pentesting-lab-tf

• Things to look for
• Blobs
• AFR
• Leaked Tokens/Credentials
• Authentication and password attacks - spraying oauth

---

• Google Cloud

  Resources

• • GCP: Resources https://pentestbook.six2dez.com/enumeration/cloud/gcp

https://cloud.hacktricks.xyz/pentesting-cloud/gcp-security

---

Kubernetes Resources, Labs, Tools

• • Kubernetes: Resources https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security

https://pentestbook.six2dez.com/enumeration/cloud/docker-and-and-kubernetes

https://github.com/SunWeb3Sec/Kubernetes-security

https://github.com/jarvarbin/Kubernetes-Pentesting

https://github.com/magnologan/awesome-k8s-security

https://hannahsuarez.github.io/2019/pentesting-kubernetes/

https://gitlab.com/pentest-tools/PayloadsAllTheThings/-/tree/master/Kubernetes

https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-1

https://lobuhisec.medium.com/kubernetes-pentest-recon-checklist-tools-and-resources-30d8e4b69463

https://hacktricks.boitatech.com.br/pentesting/pentesting-kubernetes

https://securitycafe.ro/2023/02/27/a-complete-kubernetes-config-review-methodology/

https://github.com/ksoclabs/awesome-kubernetes-security

https://github.com/g3rzi/HackingKubernetes

https://reconshell.com/kubernetes-security-checklist/ -These two are more about configuration but, gotta know how to build to know how to break it

https://reconshell.com/kubernetes-security-checklist/

• • Kubernetes - Tools

https://github.com/madhuakula/hacker-container

https://github.com/quarkslab/kdigger

https://github.com/aquasecurity/kube-hunter/

https://github.com/inguardians/peirates

https://github.com/collabnix/kubetools

https://github.com/4ARMED/kubeletmein

https://github.com/cdk-team/CDK

• • Kubernetes - Labs

https://github.com/madhuakula/kubernetes-goat

https://github.com/nabilblk/k8s-security

Things to know: - Clusters - RBAC - Service Tokens & Secrets - Pods - Endpoints & API

---

• Practice General Labs & Writeups/Walkthroughs

* Other/General Labs:

Lab compilations:

https://github.com/iknowjason/Awesome-CloudSec-Labs

https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training

• Walkthroughs:

https://github.com/appsecco/attacking-cloudgoat2

https://rhinosecuritylabs.com/aws/cloudgoat-walkthrough-rce_web_app/

https://github.com/appsecco/attacking-cloudgoat2

https://resources.infosecinstitute.com/topic/cloudgoat-walkthrough-series-iam-privilege-escalation-by-attachment/

---

• Tools

  Other tools that don't quite fit in a specific provider section or are applicable to all/multiple

awscli

terraform

https://github.com/nccgroup/ScoutSuite

https://github.com/iknowjason/edge

https://github.com/0xsha/CloudBrute

https://github.com/Macmod/STARS

https://github.com/Zeus-Labs/ZeusCloud

https://github.com/rams3sh/Aaia

https://github.com/RhinoSecurityLabs/ccat

https://github.com/404tk/cloudtoolkit

https://github.com/lord-alfred/ipranges

• Cloud-Specific Frameworks

  C2 framework

https://github.com/gl4ssesbo1/Nebula

---