Mirror of https://github.com/The-Art-of-Hacking/h4cker (synced 2024-11-21 18:33:03 +00:00)
Cloud Security Resources
- Cloud Security Resources from AWS
- Penetration Testing Rules of Engagement in Microsoft Azure
- Penetration Testing in AWS
- Penetration Testing in Google Cloud Platform and Cloud Security FAQ
- Google Cloud Security Center
- High-level Best Practices when Performing Pen Testing in Cloud Environments
Vulnerables
- CloudGoat
- Damn Vulnerable Cloud Application (DVCA)
- PENETRATION TESTING AWS STORAGE: KICKING THE S3 BUCKET - Written by Dwight Hohnstein from Rhino Security Labs.
Additional Tools
- Taken - Takeover AWS IPs And Have A Working POC For Subdomain Takeover
- Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS
- SpaceSiren - A Honey Token Manager And Alert System For AWS
- AWS Recon - Multi-threaded AWS Inventory Collection Tool With A Focus On Security-Relevant Resources And Metadata
- DAGOBAH - Open Source Tool To Generate Internal Threat Intelligence, Inventory & Compliance Data From AWS Resources
- AWS Report - A Tool For Analyzing Amazon Resources
- SkyArk - Helps To Discover, Assess And Secure The Most Privileged Entities In Azure And AWS
- Cloudsplaining - An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report
- SkyWrapper - Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS
- Sandcastle - A Python Script For AWS S3 Bucket Enumeration
- Awspx - A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments
- AWSGen.py - Generates Permutations, Alterations And Mutations Of AWS S3 Buckets Names
- AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model
- Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder
- FireProx - AWS API Gateway Management Tool For Creating On The Fly HTTP Pass-Through Proxies For Unique IP Rotation
Azure
Enumeration Tools
Email and Username Enumeration
- o365creeper - Enumerate valid email addresses
- Office 365 User Enumeration - Enumerate valid usernames from Office 365
Cloud Infrastructure Enumeration
- CloudBrute - Find a cloud infrastructure of a company
- cloud_enum - Multi-cloud OSINT tool
- Azucar - Security auditing tool for Azure environments
Azure Specific Enumeration
- BlobHunter - Scanning Azure blob storage accounts
- Grayhat Warfare - Open Azure blobs search
- Azure-AccessPermissions - Enumerate access permissions in Azure AD
Information Gathering Tools
Azure Information Gathering
- o365recon - Information gathering with valid credentials to Azure
- Azurite - Enumeration and reconnaissance in Microsoft Azure Cloud
- Sparrow.ps1 - Detect possible compromised accounts in Azure/M365
- Microsoft Azure AD Assessment - Assessing Azure AD tenant state
Multi-Cloud Security Auditing
- ScoutSuite - Multi-cloud security auditing tool
- Prowler - AWS and Azure security assessments
Lateral Movement Tools
- Stormspotter - Azure Red Team tool
- AzureADLateralMovement - Lateral Movement graph for Azure AD
- SkyArk - Privileged entities in Azure and AWS
Exploitation Tools
Azure Exploitation
- MicroBurst - Scripts for assessing Microsoft Azure security
- Microsoft-Teams-GIFShell - Microsoft Teams reverse shell execution
Credential Attacks
- MSOLSpray - Password spraying tool for Microsoft Online accounts
- MFASweep - Check if MFA is enabled on multiple Microsoft Services Resources
- adconnectdump - Dump Azure AD Connect credentials
Resources
Articles
- Abusing Azure AD SSO with the Primary Refresh Token
- Abusing dynamic groups in Azure AD for Privilege Escalation
- Attacking Azure, Azure AD, and Introducing PowerZure
- Attacking Azure & Azure AD, Part II
- Azure AD Connect for Red Teamers
- Azure AD Introduction for Red Teamers
- Azure AD Pass The Certificate
- Azure AD privilege escalation - Taking over default application permissions as Application Admin
- Defense and Detection for Attacks Within Azure
- Hunting Azure Admins for Vertical Escalation
- Impersonating Office 365 Users With Mimikatz
- Lateral Movement from Azure to On-Prem AD
- Malicious Azure AD Application Registrations
- Moving laterally between Azure AD joined machines
- CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory
- Privilege Escalation Vulnerability in Azure Functions
- Azure Application Proxy C2
- Recovering Plaintext Passwords from Azure Virtual Machines like It’s the 1990s
- Forensicating Azure VMs
- Network Forensics on Azure VMs
- Cross-Account Container Takeover in Azure Container Instances
- Azure Active Directory password brute-forcing flaw
- How to Detect Azure Active Directory Backdoors: Identity Federation
- Azure App Service vulnerability exposed hundreds of source code repositories
- AutoWarp: Cross-Account Vulnerability in Microsoft Azure Automation Service
- Microsoft Azure Synapse Pwnalytics
- Microsoft Azure Site Recovery DLL Hijacking
- FabriXss (CVE-2022-35829): Abusing a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer
- Untangling Azure Active Directory Principals & Access Permissions
- How to Detect OAuth Access Token Theft in Azure
- How to deal with Ransomware on Azure
- How Orca found Server-Side Request Forgery (SSRF) Vulnerabilities in four different Azure Services
- EmojiDeploy: Smile! Your Azure web service just got RCE’d
- Bounce the Ticket and Silver Iodide on Azure AD Kerberos
Lists and Cheat Sheets
- List of all Microsoft Portals
- Azure Articles from NetSPI
- Azure Cheat Sheet on CloudSecDocs
- Resources about Azure from Cloudberry Engineering
- Resources from PayloadsAllTheThings
- Encyclopedia on Hacking the Cloud
- Azure AD - Attack and Defense Playbook
- Azure Security Resources and Notes
- Azure Threat Research Matrix
Lab Exercises
- azure-security-lab - Securing Azure Infrastructure - Hands on Lab Guide
- AzureSecurityLabs - Hands-on Security Labs focused on Azure IaaS Security
- Building Free Active Directory Lab in Azure
- Aria Cloud Penetration Testing Tools Container - A Docker container for remote penetration testing
- PurpleCloud - Multi-use Hybrid + Identity Cyber Range implementing a small Active Directory Domain in Azure alongside Azure AD and Azure Domain Services
- BlueCloud - Cyber Range system with a Windows VM for security testing with Azure and AWS Terraform support
- Azure Red Team Attack and Detect Workshop
- SANS Workshop – Building an Azure Pentest Lab for Red Teams - The link in the description contains a password-protected OVA file that can be used until 2nd March 2024
Talks and Videos
- Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)
- TR19: I'm in your cloud, reading everyone's emails - hacking Azure AD via Active Directory
- Dirk Jan Mollema - Im In Your Cloud Pwning Your Azure Environment - DEF CON 27 Conference
- Adventures in Azure Privilege Escalation - Karl Fosaaen
- Introducing ROADtools - Azure AD exploration for Red Teams and Blue Teams