In AWS, deleting and recreating an IAM role results in a new identity that breaks existing trust policies. This behavior improves security by preventing identity spoofing but can cause failures in cross-account access and third-party integrations if not properly understood.| Hacking The Cloud
A new privilege escalation technique in Google Cloud that leverages tag bindings to bypass IAM conditions and gain unauthorized access to sensitive resources.| hackingthe.cloud
Obtain persistence by creating a rogue OIDC Identity Provider.| hackingthe.cloud
An end of year summary for Hacking the Cloud in 2024.| hackingthe.cloud
Discover how to identify and exploit misconfigured AWS IAM roles using Terraform Cloud OIDC| Hacking The Cloud
A playbook on how to exploit AWS resources that can be misconfigured via resource-based policies.| hackingthe.cloud
A collection of tips and tricks for using the AWS CLI.| hackingthe.cloud
Discover how to identify and exploit misconfigured AWS IAM roles using GitLab OIDC, with a detailed, step-by-step guide.| Hacking The Cloud
Identify if an email address belongs to the root user of an AWS account.| Hacking The Cloud
How to escalate privileges on an EC2 instance by abusing user data.| Hacking The Cloud
Leverage a flaw in Cognito's API to enumerate accounts in User Pools.| Hacking The Cloud
How orphaned Route53 records and CloudFront distributions can be taken over if the backing S3 bucket is deleted.| Hacking The Cloud
Exfiltrate data via S3:GetObject and S3 server access logs.| Hacking The Cloud
Use sts:GetFederationToken to maintain access, even if the original IAM credentials are revoked.| Hacking The Cloud
A catalog of methods to maintain access to the AWS control plane.| Hacking The Cloud
Using the AWS CLI as a LOLScript to download and exfiltrate data.| Hacking The Cloud
How to take advantage of misconfigured Amazon Cognito Identity Pools.| Hacking The Cloud
How to take advantage of misconfigured Amazon Cognito User Pools.| Hacking The Cloud
Discover how to exploit information disclosure configurations in Azure Active Directory to enumerate valid email addresses.| Hacking The Cloud
Discover how to exploit information disclosure configurations in Google Workspace to enumerate valid email addresses.| Hacking The Cloud
How to use IAM credentials to create an AWS Console session.| Hacking The Cloud
Backdooring S3 buckets with Bucket Replication Policies.| Hacking The Cloud
With ECR permissions you can easily distribute a backdoor to production servers, developers' laptops, or CI/CD pipelines and own the environment by gaining privileged permissions.| Hacking The Cloud
Privilege escalation techniques for Google Cloud Platform (GCP)| Hacking The Cloud
Using ANSI Escape Sequences to Hide Malicious Terraform Code| Hacking The Cloud
Default information on how accounts and service accounts exist in GCP| Hacking The Cloud
Security considerations and constraints that are unique to GCP| Hacking The Cloud
Leverage privileged access in an AWS account to run arbitrary commands on an EC2 instance.| Hacking The Cloud
Finding and accessing files stored in Azure Storage Accounts without authentication.| Hacking The Cloud
Recovering and accessing files in private Storage Accounts that have been deleted.| Hacking The Cloud
With access to an EC2 instance, you will be able to identify the AWS account it runs in.| Hacking The Cloud
During an assessment you may find AWS IAM credentials. Use these tactics to identify the principal of the keys.| Hacking The Cloud
Leverage a default configuration in Terraform Enterprise to steal credentials from the Metadata Service| Hacking The Cloud
Common techniques that can be leveraged to escalate privileges in an AWS account.| Hacking The Cloud
Convert access to the AWS Console into IAM credentials.| Hacking The Cloud
Leverage a bug in the AWS API to enumerate permissions for a role without logging to CloudTrail and alerting the Blue Team.| Hacking The Cloud
Connect to the Tor network from an EC2 instance without alerting GuardDuty.| Hacking The Cloud
With access to an EC2 instance you can intercept, modify, and spoof SSM communications.| Hacking The Cloud
Maintain access to an EC2 instance and its IAM role via user data scripts.| Hacking The Cloud
Techniques to enumerate the account ID associated with an AWS access key.| Hacking The Cloud
Leverage file read and SSRF vulnerabilities to steal IAM credentials and event data from Lambda.| Hacking The Cloud
The encyclopedia for offensive security in the cloud| hackingthe.cloud
An in-depth explanation of how to still abuse CVE-2024-28056, a vulnerability in AWS Amplify that exposed IAM roles to takeover.| hackingthe.cloud
Avoid AWS bill surprises by blocking known-expensive API calls with an SCP.| hackingthe.cloud
Brute force the permissions of all resources above to see what permissions you have. Includes an example of brute forcing ~9500 permissions at the end. Also introduces a tool that passively collects the permissions allowed as it is run (gcpwn)| hackingthe.cloud
How to take advantage of misconfigured role trust policies that have wildcard principals.| hackingthe.cloud
Using standard out to standard in with aws-cli and multiple profiles to avoid logging and detection in a victim environment| hackingthe.cloud
How to convert a unique identifier to a principal ARN.| hackingthe.cloud
Knowing only the name of a public S3 bucket, you can ascertain the account ID it resides in.| hackingthe.cloud
An introduction to the Instance Metadata Service and how to access it.| hackingthe.cloud
Discover how to exploit cross-account behaviors to enumerate IAM users and roles in another AWS account without authentication.| hackingthe.cloud
Prevent Kali Linux, ParrotOS, and Pentoo Linux from throwing GuardDuty alerts by modifying the User Agent string.| hackingthe.cloud
An end of year summary for Hacking the Cloud in 2022.| hackingthe.cloud
How to find and take advantage of exposed EBS snapshots.| hackingthe.cloud
Common misconfigurations of resource-based policies and how they can be abused.| hackingthe.cloud
How to take advantage of misconfigured AWS ECR private repositories.| hackingthe.cloud
How to abuse AWS Organizations' default behavior and lateral movement capabilities.| hackingthe.cloud
Brute force the permissions of a service account to see what you have access to.| hackingthe.cloud
How to work with stolen IAM credentials and things to consider.| hackingthe.cloud
By modifying the Route53 entries and utilizing the acm-pca private CA, one can hijack calls to the AWS API inside the AWS VPC| hackingthe.cloud
Modify existing GuardDuty configurations in the target account to hinder alerting and remediation capabilities.| hackingthe.cloud
Information about the data an attacker can access via GCP's API endpoints| hackingthe.cloud
How to establish persistence on a Lambda function after getting remote code execution.| hackingthe.cloud
Maintain access to S3 resources by configuring Access Control Lists associated with S3 Buckets or Objects.| hackingthe.cloud
Brute force the IAM permissions of a user or role to see what you have access to.| hackingthe.cloud
Abuse security group connection tracking to maintain persistence even when security group rules are changed.| hackingthe.cloud
When stealing IAM credentials from an EC2 instance you can avoid a GuardDuty detection by using VPC Endpoints.| hackingthe.cloud
Old faithful; How to steal IAM Role credentials from the EC2 Metadata service via SSRF.| hackingthe.cloud