{"id":13843898,"url":"https://github.com/CyberSecurityUP/Cloud-Security-Attacks","last_synced_at":"2025-07-11T20:30:50.404Z","repository":{"id":59646331,"uuid":"538168541","full_name":"CyberSecurityUP/Cloud-Security-Attacks","owner":"CyberSecurityUP","description":"Azure and AWS Attacks","archived":false,"fork":false,"pushed_at":"2022-11-25T03:29:13.000Z","size":12,"stargazers_count":1105,"open_issues_count":4,"forks_count":247,"subscribers_count":32,"default_branch":"main","last_synced_at":"2025-05-23T18:14:42.430Z","etag":null,"topics":["aws","azure","cloud-attack","cloud-pentesting","cloudpentest","gcp","redteam"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CyberSecurityUP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-09-18T16:23:48.000Z","updated_at":"2025-05-22T12:41:18.000Z","dependencies_parsed_at":"2022-09-19T19:12:30.119Z","dependency_job_id":null,"html_url":"https://github.com/CyberSecurityUP/Cloud-Security-Attacks","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CyberSecurityUP/Cloud-Security-Attacks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FCloud-Security-Attacks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FCloud-Security-Attacks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FCloud-Security-Attacks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FCloud-Security-Attacks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CyberSecurityUP","download_url":"https://codeload.github.com/CyberSecurityUP/Cloud-Security-Attacks/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FCloud-Security-Attacks/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264892028,"owners_count":23679208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","azure","cloud-attack","cloud-pentesting","cloudpentest","gcp","redteam"],"created_at":"2024-08-04T17:02:30.260Z","updated_at":"2025-07-11T20:30:49.730Z","avatar_url":"https://github.com/CyberSecurityUP.png","language":null,"funding_links":[],"categories":["🚨 취약점 DB","Others"],"sub_categories":[],"readme":"# Cloud Security - Attacks\n\n## AWS\n\n### Privilege Escalation to SYSTEM in AWS VPN Client\n\n- https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/\n\n### AWS WorkSpaces Remote Code Execution\n\n- https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/\n\n### Resource Injection in CloudFormation Templates\n\n- https://rhinosecuritylabs.com/aws/cloud-malware-cloudformation-injection/\n\n### Downloading and Exploring AWS EBS Snapshots\n\n- https://rhinosecuritylabs.com/aws/exploring-aws-ebs-snapshots/\n\n### CloudGoat ECS_EFS_Attack Walkthrough\n\n- https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-ecs_efs_attack/\n\n### GKE Kubelet TLS Bootstrap Privilege Escalation\n\n- https://rhinosecuritylabs.com/cloud-security/kubelet-tls-bootstrap-privilege-escalation/\n\n### Weaponizing AWS ECS Task Definitions to Steal Credentials From Running Containers\n\n- https://rhinosecuritylabs.com/aws/weaponizing-ecs-task-definitions-steal-credentials-running-containers/\n\n### CloudGoat AWS Scenario Walkthrough: “EC2_SSRF”\n\n- https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-scenario-ec2_ssrf/\n\n### Pillaging AWS ECS Task Definitions for Hardcoded Secrets\n\n- https://rhinosecuritylabs.com/aws/pillaging-ecs-task-definitions-two-new-pacu-modules/\n\n### Abusing VPC Traffic Mirroring in AWS\n\n- https://rhinosecuritylabs.com/aws/abusing-vpc-traffic-mirroring-in-aws/\n\n### Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)\n\n- https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/\n\n### Bypassing IP Based Blocking with AWS API Gateway\n\n- https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/\n\n### Phishing Users with MFA on AWS\n\n- https://rhinosecuritylabs.com/aws/mfa-phishing-on-aws/\n\n### AWS IAM Privilege Escalation – Methods and Mitigation\n\n- https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/\n\n### Penetration Testing AWS Storage: Kicking the S3 Bucket\n\n- https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/\n\n### Cloud Security Risks (P2): CSV Injection in AWS CloudTrail\n\n- https://rhinosecuritylabs.com/aws/cloud-security-csv-injection-aws-cloudtrail/\n\n### Amazon’s AWS Misconfiguration: Arbitrary Files Upload in Amazon Go\n\n- https://rhinosecuritylabs.com/aws/amazon-aws-misconfiguration-amazon-go/\n\n### Privilege Escalation Attack : Attacking AWS IAM permission misconfigurations\n\n- https://payatu.com/blog/mayank.arora/iam_privilege_escalation_attack\n\n### IAM Vulnerable - An AWS IAM Privilege Escalation Playground\n\n- https://bishopfox.com/blog/aws-iam-privilege-escalation-playground\n\n### Escalator to the Cloud: 5 Privesc Attack Vectors in AWS\n\n- https://bishopfox.com/blog/5-privesc-attack-vectors-in-aws\n\n### Vulnerable AWS Lambda function – Initial access in cloud attacks\n\n- https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/\n\n### Inside a Privilege Escalation Attack via Amazon Web Services’ EC2\n\n- https://thenewstack.io/inside-a-privilege-escalation-attack-via-amazon-web-services-ec2/\n\n### AWS Attacks\n\n- https://pentestbook.six2dez.com/enumeration/cloud/aws\n\n### AWS Shadow Admin\n\n- https://www.admin-magazine.com/Archive/2021/63/Shadow-admin-permissions-and-your-AWS-account\n\n### Gaining AWS Console Access via API Keys\n\n- https://www.netspi.com/blog/technical/gaining-aws-console-access-via-api-keys/\n\n### Automate AWS AMI Creation For EC2 And Copy to Other Region \n\n- https://dheeraj3choudhary.com/automate-aws-ami-creation-for-ec2-and-copy-to-other-region-or-disaster-recovery\n\n### Instance Connect - Push an SSH key to EC2 instance\n\n- https://cloudonaut.io/connect-to-your-ec2-instance-using-ssh-the-modern-way/\n\n### Golden SAML Attack \n\n- https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps\n- https://blog.sygnia.co/detection-and-hunting-of-golden-saml-attack\n\n### Stealing hashes from Domain Controllers in the Cloud\n\n- https://medium.com/@_StaticFlow_/cloudcopy-stealing-hashes-from-domain-controllers-in-the-cloud-c55747f0913\n\n### AWS PenTest Methodology\n\n- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20AWS%20Pentest.md\n\n### CloudGoat Official Walkthrough Series: “rce_web_app”\n\n- https://rhinosecuritylabs.com/aws/cloudgoat-walkthrough-rce_web_app/\n\n## Azure\n\n### GKE Kubelet TLS Bootstrap Privilege Escalation\n\n- https://rhinosecuritylabs.com/cloud-security/kubelet-tls-bootstrap-privilege-escalation/\n\n### Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability\n\n- https://rhinosecuritylabs.com/azure/cloud-security-risks-part-1-azure-csv-injection-vulnerability/\n\n### Security for SaaS Companies: Leveraging Infosec for Business Value\n\n- https://rhinosecuritylabs.com/cloud-security/security-saas-companies-leveraging-infosec-business-value/\n\n### Common Azure Security Vulnerabilities and Misconfigurations\n\n- https://rhinosecuritylabs.com/cloud-security/common-azure-security-vulnerabilities/\n\n### Enumerate valid emails\n\n- https://zigmax.net/enumerate-valid-emails-accounts%EF%BF%BC/\n\n### Enumerate Azure Subdomains\n\n- https://www.netspi.com/blog/technical/cloud-penetration-testing/enumerating-azure-services/\n- https://m0chan.github.io/2019/12/16/Subdomain-Takeover-Azure-CDN.html\n\n### Azure Attacks\n\n- https://pentestbook.six2dez.com/enumeration/cloud/azure\n\n### Azure Active Directory Account Enumeration\n\n- https://helloitsliam.com/2021/11/18/azure-active-directory-account-enumeration/\n\n### Abusing Microsoft’s Azure domains to host phishing attacks\n\n- https://www.zscaler.fr/blogs/security-research/abusing-microsofts-azure-domains-host-phishing-attacks\n\n### Defending against the EvilGinx2 MFA Bypass\n\n- https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad/defending-against-the-evilginx2-mfa-bypass/m-p/501719\n- https://thecloudtechnologist.com/2019/04/29/defending-against-evilginx2-in-office-365/\n\n### Introduction To 365-Stealer - Understanding and Executing the Illicit Consent Grant Attack\n\n- https://www.alteredsecurity.com/post/introduction-to-365-stealer\n- https://www.cloud-architekt.net/detection-and-mitigation-consent-grant-attacks-azuread/\n\n### Azure AD Password spray; from attack to detection (and prevention).\n\n- https://derkvanderwoude.medium.com/password-spray-from-attack-to-detection-and-prevention-87c48cede0c0\n- https://jeffreyappel.nl/protecting-against-password-spray-attacks-with-azure-sentinel-and-azure-ad/\n\n### LATERAL MOVEMENT TO THE CLOUD WITH PASS-THE-PRT\n\n- https://stealthbits.com/blog/lateral-movement-to-the-cloud-pass-the-prt/\n- https://derkvanderwoude.medium.com/pass-the-prt-attack-and-detection-by-microsoft-defender-for-afd7dbe83c94\n\n### Azure AD Pass The Certificate\n\n- https://medium.com/@mor2464/azure-ad-pass-the-certificate-d0c5de624597\n\n### How to SSH into specific Azure Web App instance\n\n- https://codez.deedx.cz/posts/how-to-ssh-into-web-app-instance/\n\n### Attacking Azure, Azure AD, and Introducing PowerZure\n\n- https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a\n\n### Undetected Azure Active Directory Brute-Force Attacks\n\n- https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks\n\n### How Azure AD Could Be Vulnerable to Brute-Force and DOS Attacks\n\n- https://medium.com/hackernoon/azure-brute-farce-17e27dc05f85\n\n### How to bypass MFA in Azure and O365\n\n- https://secwise.be/how-to-bypass-mfa-in-azure-and-o365-part-1/\n\n## AWS Security Tools\n\n- https://github.com/toniblyx/my-arsenal-of-aws-security-tools\n\n- https://github.com/blackbotsecurity/AWS-Attack\n\n- https://github.com/awslabs/aws-cloudsaga\n\n- https://github.com/awslabs/aws-support-tools\n\n- https://github.com/0xVariable/AWS-Security-Tools\n\n- https://cybersecurityup.github.io/awstrm/index.html\n\n- https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/AWS.md\n\n- https://github.com/RhinoSecurityLabs/cloudgoat\n\n## Azure Security Tools\n\n- https://github.com/NetSPI/MicroBurst/blob/master/Misc/Invoke-EnumerateAzureBlobs.ps1\n\n- https://microsoft.github.io/Azure-Threat-Research-Matrix/\n\n- https://github.com/Cloud-Architekt/AzureAD-Attack-Defense\n\n- https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/Azure.md\n\n- https://github.com/Kyuu-Ji/Awesome-Azure-Pentest/blob/main/README.md\n\n- https://github.com/ine-labs/AzureGoat\n\n- https://github.com/kmcquade/awesome-azure-security\n\n- https://github.com/nccgroup/azucar\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCyberSecurityUP%2FCloud-Security-Attacks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FCyberSecurityUP%2FCloud-Security-Attacks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCyberSecurityUP%2FCloud-Security-Attacks/lists"}