{"id":23879720,"url":"https://github.com/jeremylaratro/cloud_pentesting_overview","last_synced_at":"2025-04-09T18:08:53.232Z","repository":{"id":167455620,"uuid":"643094851","full_name":"jeremylaratro/cloud_pentesting_overview","owner":"jeremylaratro","description":"Cloud Pentesting Resource Collection","archived":false,"fork":false,"pushed_at":"2024-01-10T22:21:59.000Z","size":110,"stargazers_count":20,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-23T20:11:11.479Z","etag":null,"topics":["aws","cloud","cloudsecurity","pentesting","security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jeremylaratro.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-20T04:56:16.000Z","updated_at":"2025-03-15T09:47:51.000Z","dependencies_parsed_at":"2024-01-10T23:52:33.826Z","dependency_job_id":null,"html_url":"https://github.com/jeremylaratro/cloud_pentesting_overview","commit_stats":null,"previous_names":["jeremylaratro/cloud_pentesting_overview"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremylaratro%2Fcloud_pentesting_overview","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremylaratro%2Fcloud_pentesting_overview/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremylaratro%2Fcloud_pentesting_overview/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremylaratro%2Fcloud_pentesting_overview/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jeremylaratro","download_url":"https://codeload.github.com/jeremylaratro/cloud_pentesting_overview/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248085153,"owners_count":21045135,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cloud","cloudsecurity","pentesting","security"],"created_at":"2025-01-03T23:32:27.475Z","updated_at":"2025-04-09T18:08:53.187Z","avatar_url":"https://github.com/jeremylaratro.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cloud Pentesting: Resource and Lab Collection\n\nPersonal compilation of cloud-related pentesting/cloud security links and resources. Feel free to add.  \n\n## Overview\n\u003e Common Technologies\n\nSome of the many cloud providers.  \n- AWS\n- GCP\n- Azure\n- Kubernetes\n- IBM\n- Digital Ocean\n\n -----\n \n## Resources\n\u003e Repos, links, etc\n\n#### Cheatsheets and Compilations\n\u003e A compilation of compilations\n\nhttps://github.com/dafthack/CloudPentestCheatsheets\n\nhttps://github.com/TROUBLE-1/Cloud-Pentesting\n\nhttps://github.com/vengatesh-nagarajan/Cloud-pentest\n\nhttps://github.com/kh4sh3i/cloud-penetration-testing\n\n\n#### General Resources\n\u003e Other general, non-technology specific resources\n\nhttps://pentestbook.six2dez.com/enumeration/cloud\n\nhttps://cloud.hacktricks.xyz/welcome/readme\n\nhttps://bishopfox.com/blog/cloud-pen-testing-tools\n\nhttps://medium.com/@mancusomjm/aws-azure-google-cloud-penetration-testing-resources-ca4b2bf1a4a6\n\nhttps://github.com/jassics/security-study-plan\n\n#### General Labs\n\u003e Cloud lab platform with multiple providers\n\nhttps://pwnedlabs.io/\n\n-----\n\n## Technology Specifics\n\u003e Resources, tools, and labs for specific cloud providers\n\n### AWS\n\u003e Resources, Tools, and Labs \n\n- #### AWS: Resources\n\nhttps://pentestbook.six2dez.com/enumeration/cloud/aws\n\nhttps://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20AWS%20Pentest.md\n\nhttps://www.hackthebox.com/blog/aws-pentesting-guide\n\nhttps://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-cloud-need-know/\n\nhttps://infosecwriteups.com/deep-dive-into-aws-penetration-testing-a99192a26898\n\nhttps://cybertalents.com/blog/aws-penetration-testing-what-you-need-to-know\n\nhttps://github.com/pop3ret/AWSome-Pentesting/blob/main/AWSome-Pentesting-Cheatsheet.md\n\nhttps://github.com/CyberSecArmy/AWS-Offensive-Exploitation---Pentesting\n\nhttps://github.com/rootcathacking/cloudcat/blob/main/aws_cli.md\n\nhttps://github.com/NickTheSecurityDude/AWS-Pentesting-Notes\n\nhttps://github.com/0xdeadpool/AWS-Essentails-for-Pentest\n\n\n- #### AWS: Tools\n\nhttps://github.com/sebastian-mora/AWS-Loot\n\nhttps://github.com/DavidDikker/endgame\n\nhttps://github.com/gwen001/s3-buckets-finder\n\nhttps://github.com/Ebryx/S3Rec0n\n\nhttps://github.com/RhinoSecurityLabs/pacu\n\nhttps://github.com/BishopFox/cloudfox\n\nhttps://github.com/carnal0wnage/weirdAAL\n\nhttps://github.com/ajinabraham/aws_security_tools\n\n- #### AWS: Labs\n\nhttps://cloud.hacktricks.xyz/pentesting-cloud/aws-security\n\nhttps://github.com/juanjoSanz/aws-pentesting-lab\n\nhttps://github.com/torque59/AWS-Vulnerable-Lambda\n\nhttps://github.com/stafordtituss/HazProne\n\nhttps://gainsec.com/2020/08/03/complete-cloudgoat-setup-guide/\n\nhttps://github.com/applied-network-security/aws-pentesting-lab\n\nhttps://github.com/marcosValle/auto-pentest-lab\n\n\u003e- Major topics to know:\n- \tIAM Policies\n- \tS3 Buckets\n- \tEC2 Instances\n- \tlambda functions \u0026 API endpoints\n- \tVPC\t\n- \tGroup and Managed policies\n\n\n- Find ssh keys --\u003e use 'aws s3 cp' to get ssh key \n- SSRF\n- RCE \n-  instance-profile-attachment\n\t-  have low or insufficient privileges, but this permission - can create a new EC2 instance with higher privileges than can be further exploited\n\n- #### Setting up your first AWS lab - a high level overview:\t  \n\t- Make AWS account\n\t- Go to IAM and create a user or users and group(s) with the proper permissions/policies - depends on the lab, but for cloudgoat these work: (AdministratorAccess, AmazonRDSFullAccess, IAMFullAccess, AmazonS3FullAccess, CloudWatchFullAccess, AmazonDynamoDBFullAcces)\n\t- Go to S3 and ensure you can create buckets\n\t- configure your AWS account locally with the aws cli, using the account ID, secret, and region that you obtained when creatng the IAM roles\n\t- It may be necessary to enable ACLs, which can be done through the S3 bucket permissions\n\t\n\n-----\n\n### Azure\n\u003e Resources, Tools, and Labs \n\t\n#### Azure: Resources\n\nhttps://pentestbook.six2dez.com/enumeration/cloud/azure\n\nhttps://github.com/CMEPW/azure-mindmap\n\nhttps://cloud.hacktricks.xyz/pentesting-cloud/azure-security\n\nhttps://github.com/Kyuu-Ji/Awesome-Azure-Pentest\n\nhttps://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md\n\nhttps://www.cobalt.io/blog/azure-ad-pentesting-fundamentals\n\nhttps://www.getastra.com/blog/security-audit/azure-penetration-testing/\n\nhttps://github.com/mburrough/pentestingazureapps\n\nhttps://github.com/badchars/AzureAD-Pentest\n\nhttps://github.com/sabrinalupsan/pentesting-azure-ad\n\n- #### Azure: Tools\n\nhttps://github.com/ZephrFish/AzureAttackKit\n\nhttps://github.com/AlteredSecurity/365-Stealer\n\nhttps://github.com/optionalCTF/SSOh-No\n\nhttps://github.com/CasperGN/MFASweep.py\n\nhttps://github.com/nyxgeek/onedrive_user_enum\n\n- #### Azure: Labs\n\nhttps://github.com/esell/azure-sec-lab\n\nhttps://github.com/uc-cyberclub/azure-pentesting-lab-tf\n\n\u003e- Things to look for\n-\tBlobs\n- \tAFR\n- \tLeaked Tokens/Credentials\n- \tAuthentication and password attacks - spraying oauth\n\n-----\n\n### Google Cloud\n\u003e Resources\n\n- #### GCP: Resources\nhttps://pentestbook.six2dez.com/enumeration/cloud/gcp\n\nhttps://cloud.hacktricks.xyz/pentesting-cloud/gcp-security\n\n-----\n\n\u003eKubernetes\n\u003e Resources, Labs, Tools\n\n- #### Kubernetes: Resources\nhttps://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security\n\nhttps://pentestbook.six2dez.com/enumeration/cloud/docker-and-and-kubernetes\n\nhttps://github.com/SunWeb3Sec/Kubernetes-security\n\nhttps://github.com/jarvarbin/Kubernetes-Pentesting\n\nhttps://github.com/magnologan/awesome-k8s-security\n\nhttps://hannahsuarez.github.io/2019/pentesting-kubernetes/\n\nhttps://gitlab.com/pentest-tools/PayloadsAllTheThings/-/tree/master/Kubernetes\n\nhttps://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-1\n\nhttps://lobuhisec.medium.com/kubernetes-pentest-recon-checklist-tools-and-resources-30d8e4b69463\n\nhttps://hacktricks.boitatech.com.br/pentesting/pentesting-kubernetes\n\nhttps://securitycafe.ro/2023/02/27/a-complete-kubernetes-config-review-methodology/\n\nhttps://github.com/ksoclabs/awesome-kubernetes-security\n\nhttps://github.com/g3rzi/HackingKubernetes\n\nhttps://reconshell.com/kubernetes-security-checklist/\n-These two are more about configuration but, gotta know how to build to know how to break it\n\nhttps://reconshell.com/kubernetes-security-checklist/\n\n- #### Kubernetes - Tools\n\nhttps://github.com/madhuakula/hacker-container\n\nhttps://github.com/quarkslab/kdigger\n\nhttps://github.com/aquasecurity/kube-hunter/\n\nhttps://github.com/inguardians/peirates\n\nhttps://github.com/collabnix/kubetools\n\nhttps://github.com/4ARMED/kubeletmein\n\nhttps://github.com/cdk-team/CDK\n\n- #### Kubernetes - Labs\n\nhttps://github.com/madhuakula/kubernetes-goat\n\nhttps://github.com/nabilblk/k8s-security\n\n\u003e Things to know:\n- \tClusters\n- \tRBAC\n- \tService Tokens \u0026 Secrets\n- \tPods\n- \tEndpoints \u0026 API\n-----\n\n\n### Practice General Labs \u0026 Writeups/Walkthroughs\n##### Other/General Labs:\n\u003e Lab compilations:\n\nhttps://github.com/iknowjason/Awesome-CloudSec-Labs\n\nhttps://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training\n\n#### Walkthroughs:\n\nhttps://github.com/appsecco/attacking-cloudgoat2\n\nhttps://rhinosecuritylabs.com/aws/cloudgoat-walkthrough-rce_web_app/\n\nhttps://github.com/appsecco/attacking-cloudgoat2\n\nhttps://resources.infosecinstitute.com/topic/cloudgoat-walkthrough-series-iam-privilege-escalation-by-attachment/\n\n-----\n\n\n### Tools\n\u003e Other tools that don't quite fit in a specific provider section or are applicable to all/multiple\n\n[awscli](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)\n\n[terraform](https://developer.hashicorp.com/terraform/downloads?ajs_aid=22a5f626-91e2-47a1-8a12-c55fbd2fa43f\u0026product_intent=terraform)\n\nhttps://github.com/nccgroup/ScoutSuite\n\nhttps://github.com/iknowjason/edge\n\nhttps://github.com/0xsha/CloudBrute\n\nhttps://github.com/Macmod/STARS\n\nhttps://github.com/Zeus-Labs/ZeusCloud\n\nhttps://github.com/rams3sh/Aaia\n\nhttps://github.com/RhinoSecurityLabs/ccat\n\nhttps://github.com/404tk/cloudtoolkit\n\nhttps://github.com/lord-alfred/ipranges\n\n\n#### Cloud-Specific Frameworks\n\u003e C2 framework \n\nhttps://github.com/gl4ssesbo1/Nebula\n\n\n----\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeremylaratro%2Fcloud_pentesting_overview","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjeremylaratro%2Fcloud_pentesting_overview","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeremylaratro%2Fcloud_pentesting_overview/lists"}