cloud.hacktricks.xyz
2606:4700:4400::6812:282f  Public Scan

Submitted URL: http://cloud.hacktricks.xyz/
Effective URL: https://cloud.hacktricks.xyz/
Submission: On March 21 via manual from FR — Scanned from FR

Form analysis 0 forms found in the DOM

Text Content

HACKTRICKS CLOUD

 * 👽Welcome!
   * HackTricks Cloud
   * About the Author
   * HackTricks Values & faq
 * 🏭Pentesting CI/CD
   * Pentesting CI/CD Methodology
   * Github Security
      * Abusing Github Actions
         * Gh Actions - Artifact Poisoning
         * GH Actions - Cache Poisoning
         * Gh Actions - Context Script Injections
     
      * Basic Github Information
   
   * Gitea Security
      * Basic Gitea Information
   
   * Concourse Security
      * Concourse Architecture
      * Concourse Lab Creation
      * Concourse Enumeration & Attacks
   
   * CircleCI Security
   * TravisCI Security
      * Basic TravisCI Information
   
   * Jenkins Security
      * Basic Jenkins Information
      * Jenkins RCE with Groovy Script
      * Jenkins RCE Creating/Modifying Project
      * Jenkins RCE Creating/Modifying Pipeline
      * Jenkins Dumping Secrets from Groovy
   
   * Apache Airflow Security
      * Airflow Configuration
      * Airflow RBAC
   
   * Terraform Security
   * Atlantis Security
   * Cloudflare Security
      * Cloudflare Domains
      * Cloudflare Zero Trust Network
   
   * Okta Security
      * Okta Hardening
   
   * Ansible Tower / AWX / Automation controller Security
   * TODO
 * ⛈️Pentesting Cloud
   * Pentesting Cloud Methodology
   * Kubernetes Pentesting
      * Kubernetes Basics
      * Pentesting Kubernetes Services
         * Kubelet Authentication & Authorization
     
      * Exposing Services in Kubernetes
      * Attacking Kubernetes from inside a Pod
      * Kubernetes Enumeration
      * Kubernetes Role-Based Access Control(RBAC)
      * Abusing Roles/ClusterRoles in Kubernetes
         * Pod Escape Privileges
         * Kubernetes Roles Abuse Lab
     
      * Kubernetes Namespace Escalation
      * Kubernetes Pivoting to Clouds
      * Kubernetes Network Attacks
      * Kubernetes Hardening
         * Kubernetes SecurityContext(s)
   
   * GCP Pentesting
      * GCP - Basic Information
         * GCP - Federation Abuse
     
      * GCP - Permissions for a Pentest
      * GCP - Post Exploitation
         * GCP - App Engine Post Exploitation
         * GCP - Artifact Registry Post Exploitation
         * GCP - Cloud Build Post Exploitation
         * GCP - Cloud Functions Post Exploitation
         * GCP - Cloud Run Post Exploitation
         * GCP - Cloud Shell Post Exploitation
         * GCP - Cloud SQL Post Exploitation
         * GCP - Compute Post Exploitation
         * GCP - Filestore Post Exploitation
         * GCP - IAM Post Exploitation
         * GCP - KMS Post Exploitation
         * GCP - Logging Post Exploitation
         * GCP - Monitoring Post Exploitation
         * GCP - Pub/Sub Post Exploitation
         * GCP - Secretmanager Post Exploitation
         * GCP - Security Post Exploitation
         * GCP - Storage Post Exploitation
     
      * GCP - Privilege Escalation
         * GCP - Apikeys Privesc
         * GCP - AppEngine Privesc
         * GCP - Artifact Registry Privesc
         * GCP - BigQuery Privesc
         * GCP - ClientAuthConfig Privesc
         * GCP - Cloudbuild Privesc
         * GCP - Cloudfunctions Privesc
         * GCP - Cloudidentity Privesc
         * GCP - Cloudscheduler Privesc
         * GCP - Compute Privesc
            * GCP - Add Custom SSH Metadata
        
         * GCP - Composer Privesc
         * GCP - Container Privesc
         * GCP - Deploymentmaneger Privesc
         * GCP - IAM Privesc
         * GCP - KMS Privesc
         * GCP - Orgpolicy Privesc
         * GCP - Pubsub Privesc
         * GCP - Resourcemanager Privesc
         * GCP - Run Privesc
         * GCP - Secretmanager Privesc
         * GCP - Serviceusage Privesc
         * GCP - Sourcerepos Privesc
         * GCP - Storage Privesc
         * GCP - Misc Perms Privesc
         * GCP - Network Docker Escape
         * GCP - local privilege escalation ssh pivoting
     
      * GCP - Persistence
         * GCP - API Keys Persistence
         * GCP - App Engine Persistence
         * GCP - Artifact Registry Persistence
         * GCP - BigQuery Persistence
         * GCP - Cloud Functions Persistence
         * GCP - Cloud Run Persistence
         * GCP - Cloud Shell Persistence
         * GCP - Cloud SQL Persistence
         * GCP - Compute Persistence
         * GCP - Filestore Persistence
         * GCP - Logging Persistence
         * GCP - Non-svc Persistance
         * GCP - Secret Manager Persistence
         * GCP - Storage Persistence
     
      * GCP - Services
         * GCP - AI Platform Enum
         * GCP - API Keys Enum
         * GCP - App Engine Enum
         * GCP - Artifact Registry Enum
         * GCP - Bigquery Enum
         * GCP - Bigtable Enum
         * GCP - Cloud Build Enum
         * GCP - Cloud Functions Enum
         * GCP - Cloud Run Enum
         * GCP - Cloud Shell Enum
         * GCP - Cloud SQL Enum
         * GCP - Compute Enum
            * GCP - Compute Instances
            * GCP - VPC & Networking
        
         * GCP - Containers, GKE & Composer Enum
         * GCP - DNS Enum
         * GCP - Filestore Enum
         * GCP - Firebase Enum
         * GCP - Firestore Enum
         * GCP - IAM, Principals & Org Policies Enum
         * GCP - KMS Enum
         * GCP - Logging Enum
         * GCP - Memorystore Enum
         * GCP - Monitoring Enum
         * GCP - Pub/Sub Enum
         * GCP - Secrets Manager Enum
         * GCP - Security Enum
         * GCP - Source Repositories Enum
         * GCP - Spanner Enum
         * GCP - Stackdriver Enum
         * GCP - Storage Enum
     
      * GCP <--> Workspace Pivoting
         * GCP - Understanding Domain-Wide Delegation
     
      * GCP - Unauthenticated Enum & Access
         * GCP - API Keys Unauthenticated Enum
         * GCP - App Engine Unauthenticated Enum
         * GCP - Artifact Registry Unauthenticated Enum
         * GCP - Cloud Build Unauthenticated Enum
         * GCP - Cloud Functions Unauthenticated Enum
         * GCP - Cloud Run Unauthenticated Enum
         * GCP - Cloud SQL Unauthenticated Enum
         * GCP - Compute Unauthenticated Enum
         * GCP - IAM, Principals & Org Unauthenticated Enum
         * GCP - Source Repositories Unauthenticated Enum
         * GCP - Storage Unauthenticated Enum
            * GCP - Public Buckets Privilege Escalation
   
   * GWS - Workspace Pentesting
      * GWS - Post Exploitation
      * GWS - Persistence
      * GWS - Google Platforms Phishing
         * GWS - App Scripts
   
   * AWS Pentesting
      * AWS - Basic Information
         * AWS - Federation Abuse
     
      * AWS - Permissions for a Pentest
      * AWS - Persistence
         * AWS - API Gateway Persistence
         * AWS - Cognito Persistence
         * AWS - DynamoDB Persistence
         * AWS - EC2 Persistence
         * AWS - ECR Persistence
         * AWS - ECS Persistence
         * AWS - Elastic Beanstalk Persistence
         * AWS - EFS Persistence
         * AWS - IAM Persistence
         * AWS - KMS Persistence
         * AWS - Lambda Persistence
            * AWS - Abusing Lambda Extensions
            * AWS - Lambda Layers Persistence
        
         * AWS - Lightsail Persistence
         * AWS - RDS Persistence
         * AWS - S3 Persistence
         * AWS - SNS Persistence
         * AWS - Secrets Manager Persistence
         * AWS - SQS Persistence
         * AWS - SSM Perssitence
         * AWS - STS Persistence
     
      * AWS - Post Exploitation
         * AWS - API Gateway Post Exploitation
         * AWS - CloudFront Post Exploitation
         * AWS - CodeBuild Post Exploitation
            * AWS Codebuild - Token Leakage
        
         * AWS - Control Tower Post Exploitation
         * AWS - DLM Post Exploitation
         * AWS - DynamoDB Post Exploitation
         * AWS - EC2, EBS, SSM & VPC Post Exploitation
            * AWS - EBS Snapshot Dump
            * AWS - Malicious VPC Mirror
        
         * AWS - ECR Post Exploitation
         * AWS - ECS Post Exploitation
         * AWS - EFS Post Exploitation
         * AWS - EKS Post Exploitation
         * AWS - Elastic Beanstalk Post Exploitation
         * AWS - IAM Post Exploitation
         * AWS - KMS Post Exploitation
         * AWS - Lambda Post Exploitation
            * AWS - Steal Lambda Requests
        
         * AWS - Lightsail Post Exploitation
         * AWS - Organizations Post Exploitation
         * AWS - RDS Post Exploitation
         * AWS - S3 Post Exploitation
         * AWS - Secrets Manager Post Exploitation
         * AWS - SES Post Exploitation
         * AWS - SNS Post Exploitation
         * AWS - SQS Post Exploitation
         * AWS - SSO & identitystore Post Exploitation
         * AWS - STS Post Exploitation
         * AWS - VPN Post Exploitation
     
      * AWS - Privilege Escalation
         * AWS - Apigateway Privesc
         * AWS - Chime Privesc
         * AWS - Codebuild Privesc
         * AWS - Codepipeline Privesc
         * AWS - Codestar Privesc
            * codestar:CreateProject, codestar:AssociateTeamMember
            * iam:PassRole, codestar:CreateProject
        
         * AWS - Cloudformation Privesc
            * iam:PassRole, cloudformation:CreateStack,and
              cloudformation:DescribeStacks
        
         * AWS - Cognito Privesc
         * AWS - Datapipeline Privesc
         * AWS - Directory Services Privesc
         * AWS - DynamoDB Privesc
         * AWS - EBS Privesc
         * AWS - EC2 Privesc
         * AWS - ECR Privesc
         * AWS - ECS Privesc
         * AWS - EFS Privesc
         * AWS - Elastic Beanstalk Privesc
         * AWS - EMR Privesc
         * AWS - Gamelift
         * AWS - Glue Privesc
         * AWS - IAM Privesc
         * AWS - KMS Privesc
         * AWS - Lambda Privesc
         * AWS - Lightsail Privesc
         * AWS - Mediapackage Privesc
         * AWS - MQ Privesc
         * AWS - MSK Privesc
         * AWS - RDS Privesc
         * AWS - Redshift Privesc
         * AWS - Route53 Privesc
         * AWS - SNS Privesc
         * AWS - SQS Privesc
         * AWS - SSO & identitystore Privesc
         * AWS - Organizations Privesc
         * AWS - S3 Privesc
         * AWS - Sagemaker Privesc
         * AWS - Secrets Manager Privesc
         * AWS - SSM Privesc
         * AWS - STS Privesc
         * AWS - WorkDocs Privesc
     
      * AWS - Services
         * AWS - Security & Detection Services
            * AWS - CloudTrail Enum
            * AWS - CloudWatch Enum
            * AWS - Config Enum
            * AWS - Control Tower Enum
            * AWS - Cost Explorer Enum
            * AWS - Detective Enum
            * AWS - Firewall Manager Enum
            * AWS - GuardDuty Enum
            * AWS - Inspector Enum
            * AWS - Macie Enum
            * AWS - Security Hub Enum
            * AWS - Shield Enum
            * AWS - Trusted Advisor Enum
            * AWS - WAF Enum
        
         * AWS - API Gateway Enum
         * AWS - Certificate Manager (ACM) & Private Certificate Authority (PCA)
         * AWS - CloudFormation & Codestar Enum
         * AWS - CloudHSM Enum
         * AWS - CloudFront Enum
         * AWS - Codebuild Enum
         * AWS - Cognito Enum
            * Cognito Identity Pools
            * Cognito User Pools
        
         * AWS - DataPipeline, CodePipeline & CodeCommit Enum
         * AWS - Directory Services / WorkDocs Enum
         * AWS - DocumentDB Enum
         * AWS - DynamoDB Enum
         * AWS - EC2, EBS, ELB, SSM, VPC & VPN Enum
            * AWS - VPC & Networking Basic Information
        
         * AWS - ECR Enum
         * AWS - ECS Enum
         * AWS - EKS Enum
         * AWS - Elastic Beanstalk Enum
         * AWS - ElastiCache
         * AWS - EMR Enum
         * AWS - EFS Enum
         * AWS - Kinesis Data Firehose Enum
         * AWS - IAM Enum
         * AWS - KMS Enum
         * AWS - Lambda Enum
         * AWS - Lightsail Enum
         * AWS - MQ Enum
         * AWS - MSK Enum
         * AWS - Organizations Enum
         * AWS - Redshift Enum
         * AWS - Relational Database (RDS) Enum
         * AWS - Route53 Enum
         * AWS - Secrets Manager Enum
         * AWS - SES Enum
         * AWS - SNS Enum
         * AWS - SQS Enum
         * AWS - S3, Athena & Glacier Enum
         * AWS - STS Enum
         * AWS - Other Services Enum
     
      * AWS - Unauthenticated Enum & Access
         * AWS - Accounts Unauthenticated Enum
         * AWS - API Gateway Unauthenticated Enum
         * AWS - Cloudfront Unauthenticated Enum
         * AWS - Cognito Unauthenticated Enum
         * AWS - CodeBuild Unauthenticated Access
         * AWS - DocumentDB Unauthenticated Enum
         * AWS - DynamoDB Unauthenticated Access
         * AWS - EC2 Unauthenticated Enum
         * AWS - ECR Unauthenticated Enum
         * AWS - ECS Unauthenticated Enum
         * AWS - Elastic Beanstalk Unauthenticated Enum
         * AWS - Elasticsearch Unauthenticated Enum
         * AWS - IAM & STS Unauthenticated Enum
         * AWS - IoT Unauthenticated Enum
         * AWS - Kinesis Video Unauthenticated Enum
         * AWS - Lambda Unauthenticated Access
         * AWS - Media Unauthenticated Enum
         * AWS - MQ Unauthenticated Enum
         * AWS - MSK Unauthenticated Enum
         * AWS - RDS Unauthenticated Enum
         * AWS - Redshift Unauthenticated Enum
         * AWS - SQS Unauthenticated Enum
         * AWS - SNS Unauthenticated Enum
         * AWS - S3 Unauthenticated Enum
   
   * Azure Pentesting
      * Az - Basic Information
      * Az - Unauthenticated Enum & Initial Entry
         * Az - Illicit Consent Grant
         * Az - Device Code Authentication Phishing
         * Az - Password Spraying
     
      * Az - Services
         * Az - ACR
         * Az - Application Proxy
         * Az - ARM Templates / Deployments
         * Az - Automation Account
            * Az - State Configuration RCE
        
         * Az - Azure App Service & Function Apps
         * Az - Blob Storage
         * Az - Intune
         * Az - Key Vault
         * Az - Logic Apps
         * Az - SQL
         * Az - Virtual Machines & Network
            * Az - Azure Network
     
      * Az - Permissions for a Pentest
      * Az - Lateral Movement (Cloud - On-Prem)
         * Az AD Connect - Hybrid Identity
            * Az- Synchronising New Users
            * Az - Default Applications
            * Az - Cloud Kerberos Trust
            * Az - Federation
            * Az - PHS - Password Hash Sync
            * Az - PTA - Pass-through Authentication
            * Az - Seamless SSO
        
         * Az - Local Cloud Credentials
         * Az - Pass the Cookie
         * Az - Pass the Certificate
         * Az - Pass the PRT
         * Az - Phishing Primary Refresh Token (Microsoft Entra)
         * Az - Primary Refresh Token (PRT)
     
      * Az - Persistence
      * Az - Device Registration
      * Az - AzureAD (AAD)
         * Az - Conditional Access Policies / MFA Bypass
         * Az - Dynamic Groups Privesc
   
   * Digital Ocean Pentesting
      * DO - Basic Information
      * DO - Permissions for a Pentest
      * DO - Services
         * DO - Apps
         * DO - Container Registry
         * DO - Databases
         * DO - Droplets
         * DO - Functions
         * DO - Images
         * DO - Kubernetes (DOKS)
         * DO - Networking
         * DO - Projects
         * DO - Spaces
         * DO - Volumes
   
   * IBM Cloud Pentesting
      * IBM - Hyper Protect Crypto Services
      * IBM - Hyper Protect Virtual Server
      * IBM - Basic Information
 * 🛫Pentesting Network Services
   * HackTricks Pentesting Network
   * HackTricks Pentesting Services

HACKTRICKS CLOUD

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team
Expert)!

Other ways to support HackTricks:

 * If you want to see your company advertised in HackTricks or download
   HackTricks in PDF, check the SUBSCRIPTION PLANS!
 * Get the official PEASS & HackTricks swag
 * Discover The PEASS Family, our collection of exclusive NFTs
 * Join the 💬 Discord group or the Telegram group or follow me on Twitter 🐦
   @hacktricks_live.
 * Share your hacking tricks by submitting PRs to the HackTricks and HackTricks
   Cloud GitHub repos.

HackTricks logos & motion designed by @ppiernacho.

Welcome to the page where you will find every hacking trick, technique, or
anything else related to CI/CD & Cloud that I have learnt in CTFs, real-life
environments, research, and reading research and news.

PENTESTING CI/CD METHODOLOGY

In the HackTricks CI/CD Methodology you will find how to pentest infrastructure
related to CI/CD activities. Read the following page for an introduction:

Page: Pentesting CI/CD Methodology

PENTESTING CLOUD METHODOLOGY

In the HackTricks Cloud Methodology you will find how to pentest cloud
environments. Read the following page for an introduction:

Page: Pentesting Cloud Methodology

LICENSE & DISCLAIMER

Check them in:

Page: HackTricks Values & FAQ

Last updated 9 days ago
