Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/CyberSecurityUP/Cloud-Security-Attacks

Azure and AWS Attacks
https://github.com/CyberSecurityUP/Cloud-Security-Attacks

Last synced: 22 days ago
JSON representation

Azure and AWS Attacks

Host: GitHub
URL: https://github.com/CyberSecurityUP/Cloud-Security-Attacks
Owner: CyberSecurityUP
Created: 2022-09-18T16:23:48.000Z (about 2 years ago)
Default Branch: main
Last Pushed: 2022-11-25T03:29:13.000Z (about 2 years ago)
Last Synced: 2024-11-07T20:41:31.647Z (about 1 month ago)
Size: 11.7 KB
Stars: 1,047
Watchers: 32
Forks: 234
Open Issues: 4
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - CyberSecurityUP/Cloud-Security-Attacks - Azure and AWS Attacks (Others)

README

# Cloud Security - Attacks

## AWS

### Privilege Escalation to SYSTEM in AWS VPN Client

- https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/

### AWS WorkSpaces Remote Code Execution

- https://rhinosecuritylabs.com/aws/cve-2021-38112-aws-workspaces-rce/

### Resource Injection in CloudFormation Templates

- https://rhinosecuritylabs.com/aws/cloud-malware-cloudformation-injection/

### Downloading and Exploring AWS EBS Snapshots

- https://rhinosecuritylabs.com/aws/exploring-aws-ebs-snapshots/

### CloudGoat ECS_EFS_Attack Walkthrough

- https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-ecs_efs_attack/

### GKE Kubelet TLS Bootstrap Privilege Escalation

- https://rhinosecuritylabs.com/cloud-security/kubelet-tls-bootstrap-privilege-escalation/

### Weaponizing AWS ECS Task Definitions to Steal Credentials From Running Containers

- https://rhinosecuritylabs.com/aws/weaponizing-ecs-task-definitions-steal-credentials-running-containers/

### CloudGoat AWS Scenario Walkthrough: “EC2_SSRF”

- https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-scenario-ec2_ssrf/

### Pillaging AWS ECS Task Definitions for Hardcoded Secrets

- https://rhinosecuritylabs.com/aws/pillaging-ecs-task-definitions-two-new-pacu-modules/

### Abusing VPC Traffic Mirroring in AWS

- https://rhinosecuritylabs.com/aws/abusing-vpc-traffic-mirroring-in-aws/

### Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)

- https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/

### Bypassing IP Based Blocking with AWS API Gateway

- https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/

### Phishing Users with MFA on AWS

- https://rhinosecuritylabs.com/aws/mfa-phishing-on-aws/

### AWS IAM Privilege Escalation – Methods and Mitigation

- https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/

### Penetration Testing AWS Storage: Kicking the S3 Bucket

- https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/

### Cloud Security Risks (P2): CSV Injection in AWS CloudTrail

- https://rhinosecuritylabs.com/aws/cloud-security-csv-injection-aws-cloudtrail/

### Amazon’s AWS Misconfiguration: Arbitrary Files Upload in Amazon Go

- https://rhinosecuritylabs.com/aws/amazon-aws-misconfiguration-amazon-go/

### Privilege Escalation Attack : Attacking AWS IAM permission misconfigurations

- https://payatu.com/blog/mayank.arora/iam_privilege_escalation_attack

### IAM Vulnerable - An AWS IAM Privilege Escalation Playground

- https://bishopfox.com/blog/aws-iam-privilege-escalation-playground

### Escalator to the Cloud: 5 Privesc Attack Vectors in AWS

- https://bishopfox.com/blog/5-privesc-attack-vectors-in-aws

### Vulnerable AWS Lambda function – Initial access in cloud attacks

- https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/

### Inside a Privilege Escalation Attack via Amazon Web Services’ EC2

- https://thenewstack.io/inside-a-privilege-escalation-attack-via-amazon-web-services-ec2/

### AWS Attacks

- https://pentestbook.six2dez.com/enumeration/cloud/aws

### AWS Shadow Admin

- https://www.admin-magazine.com/Archive/2021/63/Shadow-admin-permissions-and-your-AWS-account

### Gaining AWS Console Access via API Keys

- https://www.netspi.com/blog/technical/gaining-aws-console-access-via-api-keys/

### Automate AWS AMI Creation For EC2 And Copy to Other Region

- https://dheeraj3choudhary.com/automate-aws-ami-creation-for-ec2-and-copy-to-other-region-or-disaster-recovery

### Instance Connect - Push an SSH key to EC2 instance

- https://cloudonaut.io/connect-to-your-ec2-instance-using-ssh-the-modern-way/

### Golden SAML Attack

- https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
- https://blog.sygnia.co/detection-and-hunting-of-golden-saml-attack

### Stealing hashes from Domain Controllers in the Cloud

- https://medium.com/@_StaticFlow_/cloudcopy-stealing-hashes-from-domain-controllers-in-the-cloud-c55747f0913

### AWS PenTest Methodology

- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20AWS%20Pentest.md

### CloudGoat Official Walkthrough Series: “rce_web_app”

- https://rhinosecuritylabs.com/aws/cloudgoat-walkthrough-rce_web_app/

## Azure

### GKE Kubelet TLS Bootstrap Privilege Escalation

- https://rhinosecuritylabs.com/cloud-security/kubelet-tls-bootstrap-privilege-escalation/

### Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability

- https://rhinosecuritylabs.com/azure/cloud-security-risks-part-1-azure-csv-injection-vulnerability/

### Security for SaaS Companies: Leveraging Infosec for Business Value

- https://rhinosecuritylabs.com/cloud-security/security-saas-companies-leveraging-infosec-business-value/

### Common Azure Security Vulnerabilities and Misconfigurations

- https://rhinosecuritylabs.com/cloud-security/common-azure-security-vulnerabilities/

### Enumerate valid emails

- https://zigmax.net/enumerate-valid-emails-accounts%EF%BF%BC/

### Enumerate Azure Subdomains

- https://www.netspi.com/blog/technical/cloud-penetration-testing/enumerating-azure-services/
- https://m0chan.github.io/2019/12/16/Subdomain-Takeover-Azure-CDN.html

### Azure Attacks

- https://pentestbook.six2dez.com/enumeration/cloud/azure

### Azure Active Directory Account Enumeration

- https://helloitsliam.com/2021/11/18/azure-active-directory-account-enumeration/

### Abusing Microsoft’s Azure domains to host phishing attacks

- https://www.zscaler.fr/blogs/security-research/abusing-microsofts-azure-domains-host-phishing-attacks

### Defending against the EvilGinx2 MFA Bypass

- https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad/defending-against-the-evilginx2-mfa-bypass/m-p/501719
- https://thecloudtechnologist.com/2019/04/29/defending-against-evilginx2-in-office-365/

### Introduction To 365-Stealer - Understanding and Executing the Illicit Consent Grant Attack

- https://www.alteredsecurity.com/post/introduction-to-365-stealer
- https://www.cloud-architekt.net/detection-and-mitigation-consent-grant-attacks-azuread/

### Azure AD Password spray; from attack to detection (and prevention).

- https://derkvanderwoude.medium.com/password-spray-from-attack-to-detection-and-prevention-87c48cede0c0
- https://jeffreyappel.nl/protecting-against-password-spray-attacks-with-azure-sentinel-and-azure-ad/

### LATERAL MOVEMENT TO THE CLOUD WITH PASS-THE-PRT

- https://stealthbits.com/blog/lateral-movement-to-the-cloud-pass-the-prt/
- https://derkvanderwoude.medium.com/pass-the-prt-attack-and-detection-by-microsoft-defender-for-afd7dbe83c94

### Azure AD Pass The Certificate

- https://medium.com/@mor2464/azure-ad-pass-the-certificate-d0c5de624597

### How to SSH into specific Azure Web App instance

- https://codez.deedx.cz/posts/how-to-ssh-into-web-app-instance/

### Attacking Azure, Azure AD, and Introducing PowerZure

- https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a

### Undetected Azure Active Directory Brute-Force Attacks

- https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks

### How Azure AD Could Be Vulnerable to Brute-Force and DOS Attacks

- https://medium.com/hackernoon/azure-brute-farce-17e27dc05f85

### How to bypass MFA in Azure and O365

- https://secwise.be/how-to-bypass-mfa-in-azure-and-o365-part-1/

## AWS Security Tools

- https://github.com/toniblyx/my-arsenal-of-aws-security-tools

- https://github.com/blackbotsecurity/AWS-Attack

- https://github.com/awslabs/aws-cloudsaga

- https://github.com/awslabs/aws-support-tools

- https://github.com/0xVariable/AWS-Security-Tools

- https://cybersecurityup.github.io/awstrm/index.html

- https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/AWS.md

- https://github.com/RhinoSecurityLabs/cloudgoat

## Azure Security Tools

- https://github.com/NetSPI/MicroBurst/blob/master/Misc/Invoke-EnumerateAzureBlobs.ps1

- https://microsoft.github.io/Azure-Threat-Research-Matrix/

- https://github.com/Cloud-Architekt/AzureAD-Attack-Defense

- https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/Azure.md

- https://github.com/Kyuu-Ji/Awesome-Azure-Pentest/blob/main/README.md

- https://github.com/ine-labs/AzureGoat

- https://github.com/kmcquade/awesome-azure-security

- https://github.com/nccgroup/azucar