cloud.hacktricks.xyz
Open in
urlscan Pro
2606:4700:4400::6812:282f
Public Scan
Submitted URL: http://cloud.hacktricks.xyz/
Effective URL: https://cloud.hacktricks.xyz/
Submission: On March 21 via manual from FR — Scanned from FR
Effective URL: https://cloud.hacktricks.xyz/
Submission: On March 21 via manual from FR — Scanned from FR
Form analysis
0 forms found in the DOMText Content
HACKTRICKS CLOUD HackTricks Cloud HackTricks CloudAfrikaans - Ht CloudChinese - Ht CloudEspañol - Ht CloudFrançais - Ht CloudGerman - Ht CloudGreek - Ht CloudHindi - Ht CloudItalian - Ht CloudJapanese - Ht CloudKorean - Ht CloudPolish - Ht CloudPortuguês - Ht CloudSerbian - Ht CloudSwahili - Ht CloudTurkish - Ht Cloud HackTricks Training Twitter Linkedin Sponsor Ask or SearchCtrl + K * 👽Welcome! * HackTricks Cloud * About the Author * HackTricks Values & faq * 🏭Pentesting CI/CD * Pentesting CI/CD Methodology * Github Security * Abusing Github Actions * Gh Actions - Artifact Poisoning * GH Actions - Cache Poisoning * Gh Actions - Context Script Injections * Basic Github Information * Gitea Security * Basic Gitea Information * Concourse Security * Concourse Architecture * Concourse Lab Creation * Concourse Enumeration & Attacks * CircleCI Security * TravisCI Security * Basic TravisCI Information * Jenkins Security * Basic Jenkins Information * Jenkins RCE with Groovy Script * Jenkins RCE Creating/Modifying Project * Jenkins RCE Creating/Modifying Pipeline * Jenkins Dumping Secrets from Groovy * Apache Airflow Security * Airflow Configuration * Airflow RBAC * Terraform Security * Atlantis Security * Cloudflare Security * Cloudflare Domains * Cloudflare Zero Trust Network * Okta Security * Okta Hardening * Ansible Tower / AWX / Automation controller Security * TODO * ⛈️Pentesting Cloud * Pentesting Cloud Methodology * Kubernetes Pentesting * Kubernetes Basics * Pentesting Kubernetes Services * Kubelet Authentication & Authorization * Exposing Services in Kubernetes * Attacking Kubernetes from inside a Pod * Kubernetes Enumeration * Kubernetes Role-Based Access Control(RBAC) * Abusing Roles/ClusterRoles in Kubernetes * Pod Escape Privileges * Kubernetes Roles Abuse Lab * Kubernetes Namespace Escalation * Kubernetes Pivoting to Clouds * Kubernetes Network Attacks * Kubernetes Hardening * Kubernetes SecurityContext(s) * GCP Pentesting * GCP - Basic Information * GCP - Federation Abuse * GCP - Permissions for a Pentest * GCP - Post Exploitation * GCP - App Engine Post Exploitation * GCP - Artifact Registry Post Exploitation * GCP - Cloud Build Post Exploitation * GCP - Cloud Functions Post Exploitation * GCP - Cloud Run Post Exploitation * GCP - Cloud Shell Post Exploitation * GCP - Cloud SQL Post Exploitation * GCP - Compute Post Exploitation * GCP - Filestore Post Exploitation * GCP - IAM Post Exploitation * GCP - KMS Post Exploitation * GCP - Logging Post Exploitation * GCP - Monitoring Post Exploitation * GCP - Pub/Sub Post Exploitation * GCP - Secretmanager Post Exploitation * GCP - Security Post Exploitation * GCP - Storage Post Exploitation * GCP - Privilege Escalation * GCP - Apikeys Privesc * GCP - AppEngine Privesc * GCP - Artifact Registry Privesc * GCP - BigQuery Privesc * GCP - ClientAuthConfig Privesc * GCP - Cloudbuild Privesc * GCP - Cloudfunctions Privesc * GCP - Cloudidentity Privesc * GCP - Cloudscheduler Privesc * GCP - Compute Privesc * GCP - Add Custom SSH Metadata * GCP - Composer Privesc * GCP - Container Privesc * GCP - Deploymentmaneger Privesc * GCP - IAM Privesc * GCP - KMS Privesc * GCP - Orgpolicy Privesc * GCP - Pubsub Privesc * GCP - Resourcemanager Privesc * GCP - Run Privesc * GCP - Secretmanager Privesc * GCP - Serviceusage Privesc * GCP - Sourcerepos Privesc * GCP - Storage Privesc * GCP - Misc Perms Privesc * GCP - Network Docker Escape * GCP - local privilege escalation ssh pivoting * GCP - Persistence * GCP - API Keys Persistence * GCP - App Engine Persistence * GCP - Artifact Registry Persistence * GCP - BigQuery Persistence * GCP - Cloud Functions Persistence * GCP - Cloud Run Persistence * GCP - Cloud Shell Persistence * GCP - Cloud SQL Persistence * GCP - Compute Persistence * GCP - Filestore Persistence * GCP - Logging Persistence * GCP - Non-svc Persistance * GCP - Secret Manager Persistence * GCP - Storage Persistence * GCP - Services * GCP - AI Platform Enum * GCP - API Keys Enum * GCP - App Engine Enum * GCP - Artifact Registry Enum * GCP - Bigquery Enum * GCP - Bigtable Enum * GCP - Cloud Build Enum * GCP - Cloud Functions Enum * GCP - Cloud Run Enum * GCP - Cloud Shell Enum * GCP - Cloud SQL Enum * GCP - Compute Enum * GCP - Compute Instances * GCP - VPC & Networking * GCP - Containers, GKE & Composer Enum * GCP - DNS Enum * GCP - Filestore Enum * GCP - Firebase Enum * GCP - Firestore Enum * GCP - IAM, Principals & Org Policies Enum * GCP - KMS Enum * GCP - Logging Enum * GCP - Memorystore Enum * GCP - Monitoring Enum * GCP - Pub/Sub Enum * GCP - Secrets Manager Enum * GCP - Security Enum * GCP - Source Repositories Enum * GCP - Spanner Enum * GCP - Stackdriver Enum * GCP - Storage Enum * GCP <--> Workspace Pivoting * GCP - Understanding Domain-Wide Delegation * GCP - Unauthenticated Enum & Access * GCP - API Keys Unauthenticated Enum * GCP - App Engine Unauthenticated Enum * GCP - Artifact Registry Unauthenticated Enum * GCP - Cloud Build Unauthenticated Enum * GCP - Cloud Functions Unauthenticated Enum * GCP - Cloud Run Unauthenticated Enum * GCP - Cloud SQL Unauthenticated Enum * GCP - Compute Unauthenticated Enum * GCP - IAM, Principals & Org Unauthenticated Enum * GCP - Source Repositories Unauthenticated Enum * GCP - Storage Unauthenticated Enum * GCP - Public Buckets Privilege Escalation * GWS - Workspace Pentesting * GWS - Post Exploitation * GWS - Persistence * GWS - Google Platforms Phishing * GWS - App Scripts * AWS Pentesting * AWS - Basic Information * AWS - Federation Abuse * AWS - Permissions for a Pentest * AWS - Persistence * AWS - API Gateway Persistence * AWS - Cognito Persistence * AWS - DynamoDB Persistence * AWS - EC2 Persistence * AWS - ECR Persistence * AWS - ECS Persistence * AWS - Elastic Beanstalk Persistence * AWS - EFS Persistence * AWS - IAM Persistence * AWS - KMS Persistence * AWS - Lambda Persistence * AWS - Abusing Lambda Extensions * AWS - Lambda Layers Persistence * AWS - Lightsail Persistence * AWS - RDS Persistence * AWS - S3 Persistence * AWS - SNS Persistence * AWS - Secrets Manager Persistence * AWS - SQS Persistence * AWS - SSM Perssitence * AWS - STS Persistence * AWS - Post Exploitation * AWS - API Gateway Post Exploitation * AWS - CloudFront Post Exploitation * AWS - CodeBuild Post Exploitation * AWS Codebuild - Token Leakage * AWS - Control Tower Post Exploitation * AWS - DLM Post Exploitation * AWS - DynamoDB Post Exploitation * AWS - EC2, EBS, SSM & VPC Post Exploitation * AWS - EBS Snapshot Dump * AWS - Malicious VPC Mirror * AWS - ECR Post Exploitation * AWS - ECS Post Exploitation * AWS - EFS Post Exploitation * AWS - EKS Post Exploitation * AWS - Elastic Beanstalk Post Exploitation * AWS - IAM Post Exploitation * AWS - KMS Post Exploitation * AWS - Lambda Post Exploitation * AWS - Steal Lambda Requests * AWS - Lightsail Post Exploitation * AWS - Organizations Post Exploitation * AWS - RDS Post Exploitation * AWS - S3 Post Exploitation * AWS - Secrets Manager Post Exploitation * AWS - SES Post Exploitation * AWS - SNS Post Exploitation * AWS - SQS Post Exploitation * AWS - SSO & identitystore Post Exploitation * AWS - STS Post Exploitation * AWS - VPN Post Exploitation * AWS - Privilege Escalation * AWS - Apigateway Privesc * AWS - Chime Privesc * AWS - Codebuild Privesc * AWS - Codepipeline Privesc * AWS - Codestar Privesc * codestar:CreateProject, codestar:AssociateTeamMember * iam:PassRole, codestar:CreateProject * AWS - Cloudformation Privesc * iam:PassRole, cloudformation:CreateStack,and cloudformation:DescribeStacks * AWS - Cognito Privesc * AWS - Datapipeline Privesc * AWS - Directory Services Privesc * AWS - DynamoDB Privesc * AWS - EBS Privesc * AWS - EC2 Privesc * AWS - ECR Privesc * AWS - ECS Privesc * AWS - EFS Privesc * AWS - Elastic Beanstalk Privesc * AWS - EMR Privesc * AWS - Gamelift * AWS - Glue Privesc * AWS - IAM Privesc * AWS - KMS Privesc * AWS - Lambda Privesc * AWS - Lightsail Privesc * AWS - Mediapackage Privesc * AWS - MQ Privesc * AWS - MSK Privesc * AWS - RDS Privesc * AWS - Redshift Privesc * AWS - Route53 Privesc * AWS - SNS Privesc * AWS - SQS Privesc * AWS - SSO & identitystore Privesc * AWS - Organizations Privesc * AWS - S3 Privesc * AWS - Sagemaker Privesc * AWS - Secrets Manager Privesc * AWS - SSM Privesc * AWS - STS Privesc * AWS - WorkDocs Privesc * AWS - Services * AWS - Security & Detection Services * AWS - CloudTrail Enum * AWS - CloudWatch Enum * AWS - Config Enum * AWS - Control Tower Enum * AWS - Cost Explorer Enum * AWS - Detective Enum * AWS - Firewall Manager Enum * AWS - GuardDuty Enum * AWS - Inspector Enum * AWS - Macie Enum * AWS - Security Hub Enum * AWS - Shield Enum * AWS - Trusted Advisor Enum * AWS - WAF Enum * AWS - API Gateway Enum * AWS - Certificate Manager (ACM) & Private Certificate Authority (PCA) * AWS - CloudFormation & Codestar Enum * AWS - CloudHSM Enum * AWS - CloudFront Enum * AWS - Codebuild Enum * AWS - Cognito Enum * Cognito Identity Pools * Cognito User Pools * AWS - DataPipeline, CodePipeline & CodeCommit Enum * AWS - Directory Services / WorkDocs Enum * AWS - DocumentDB Enum * AWS - DynamoDB Enum * AWS - EC2, EBS, ELB, SSM, VPC & VPN Enum * AWS - VPC & Networking Basic Information * AWS - ECR Enum * AWS - ECS Enum * AWS - EKS Enum * AWS - Elastic Beanstalk Enum * AWS - ElastiCache * AWS - EMR Enum * AWS - EFS Enum * AWS - Kinesis Data Firehose Enum * AWS - IAM Enum * AWS - KMS Enum * AWS - Lambda Enum * AWS - Lightsail Enum * AWS - MQ Enum * AWS - MSK Enum * AWS - Organizations Enum * AWS - Redshift Enum * AWS - Relational Database (RDS) Enum * AWS - Route53 Enum * AWS - Secrets Manager Enum * AWS - SES Enum * AWS - SNS Enum * AWS - SQS Enum * AWS - S3, Athena & Glacier Enum * AWS - STS Enum * AWS - Other Services Enum * AWS - Unauthenticated Enum & Access * AWS - Accounts Unauthenticated Enum * AWS - API Gateway Unauthenticated Enum * AWS - Cloudfront Unauthenticated Enum * AWS - Cognito Unauthenticated Enum * AWS - CodeBuild Unauthenticated Access * AWS - DocumentDB Unauthenticated Enum * AWS - DynamoDB Unauthenticated Access * AWS - EC2 Unauthenticated Enum * AWS - ECR Unauthenticated Enum * AWS - ECS Unauthenticated Enum * AWS - Elastic Beanstalk Unauthenticated Enum * AWS - Elasticsearch Unauthenticated Enum * AWS - IAM & STS Unauthenticated Enum * AWS - IoT Unauthenticated Enum * AWS - Kinesis Video Unauthenticated Enum * AWS - Lambda Unauthenticated Access * AWS - Media Unauthenticated Enum * AWS - MQ Unauthenticated Enum * AWS - MSK Unauthenticated Enum * AWS - RDS Unauthenticated Enum * AWS - Redshift Unauthenticated Enum * AWS - SQS Unauthenticated Enum * AWS - SNS Unauthenticated Enum * AWS - S3 Unauthenticated Enum * Azure Pentesting * Az - Basic Information * Az - Unauthenticated Enum & Initial Entry * Az - Illicit Consent Grant * Az - Device Code Authentication Phishing * Az - Password Spraying * Az - Services * Az - ACR * Az - Application Proxy * Az - ARM Templates / Deployments * Az - Automation Account * Az - State Configuration RCE * Az - Azure App Service & Function Apps * Az - Blob Storage * Az - Intune * Az - Key Vault * Az - Logic Apps * Az - SQL * Az - Virtual Machines & Network * Az - Azure Network * Az - Permissions for a Pentest * Az - Lateral Movement (Cloud - On-Prem) * Az AD Connect - Hybrid Identity * Az- Synchronising New Users * Az - Default Applications * Az - Cloud Kerberos Trust * Az - Federation * Az - PHS - Password Hash Sync * Az - PTA - Pass-through Authentication * Az - Seamless SSO * Az - Local Cloud Credentials * Az - Pass the Cookie * Az - Pass the Certificate * Az - Pass the PRT * Az - Phishing Primary Refresh Token (Microsoft Entra) * Az - Primary Refresh Token (PRT) * Az - Persistence * Az - Device Registration * Az - AzureAD (AAD) * Az - Conditional Access Policies / MFA Bypass * Az - Dynamic Groups Privesc * Digital Ocean Pentesting * DO - Basic Information * DO - Permissions for a Pentest * DO - Services * DO - Apps * DO - Container Registry * DO - Databases * DO - Droplets * DO - Functions * DO - Images * DO - Kubernetes (DOKS) * DO - Networking * DO - Projects * DO - Spaces * DO - Volumes * IBM Cloud Pentesting * IBM - Hyper Protect Crypto Services * IBM - Hyper Protect Virtual Server * IBM - Basic Information * 🛫Pentesting Network Services * HackTricks Pentesting Network * HackTricks Pentesting Services Powered by GitBook HACKTRICKS CLOUD Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! Other ways to support HackTricks: * If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS! * Get the official PEASS & HackTricks swag * Discover The PEASS Family, our collection of exclusive NFTs * Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦 @hacktricks_live. * Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos. Hacktricks logos & motion designed by @ppiernacho. Welcome to the page where you will find each hacking trick/technique/whatever related to CI/CD & Cloud I have learnt in CTFs, real life environments, researching, and reading researches and news. PENTESTING CI/CD METHODOLOGY In the HackTricks CI/CD Methodology you will find how to pentest infrastructure related to CI/CD activities. Read the following page for an introduction: pagePentesting CI/CD Methodology PENTESTING CLOUD METHODOLOGY In the HackTricks Cloud Methodology you will find how to pentest cloud environments. Read the following page for an introduction: pagePentesting Cloud Methodology LICENSE & DISCLAIMER Check them in: pageHackTricks Values & FAQLearn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! Other ways to support HackTricks: * If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS! * Get the official PEASS & HackTricks swag * Discover The PEASS Family, our collection of exclusive NFTs * Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦 @hacktricks_live. * Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos. NextPentesting CI/CD Methodology Last updated 9 days ago On this page * Pentesting CI/CD Methodology * Pentesting Cloud Methodology * License & Disclaimer Was this helpful? Edit on GitHub This site uses cookies to deliver its service and to analyse traffic. By browsing this site, you accept the privacy policy. AcceptReject