hackingthe.cloud
An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
Right now there is no general AWS page for Hacking the Cloud. About the closest we have is [this](https://hackingthe.cloud/aws/general-knowledge/aws_organizations_defaults/). I need to make something a little more generic so that...
I talked about this in [this](https://x.com/Frichette_n/status/1764385317610455290?s=20) Twitter thread. Need to add it to the site as it could be useful knowledge.
There is a reference to a technique in [this](https://unit42.paloaltonetworks.com/cloud-lateral-movement-techniques/) blog post which shows an attacker using `ssm:SendCommand` in the real world.
Sam Cox's excellent blog post needs to be documented and added. https://tracebit.com/blog/2024/02/finding-aws-account-id-of-any-s3-bucket/#
I don't think there is anything that hasn't already been presented in blog posts, but it would be worth a read through and see if any techniques are missing from...
Daniel [shared](https://twitter.com/dagrz/status/1755089469949296737) a really interesting enumeration technique that would be valuable to add to the site.
The table in [Intro to the Instance Metadata Service](https://hackingthe.cloud/aws/general-knowledge/intro_metadata_service/) is out of date. I also need to check into `identity-credentials/ec2/security-credentials/ec2-instance` and if an explicit allow in a resource based policy...
[This](https://www.invictus-ir.com/news/the-curious-case-of-dangerdev-protonmail-me) article is great! Need to add some of the techniques from this into Hacking the Cloud. I'm kind of amazed! I think this is the first intelligent AWS threat...
As mentioned by #244, we should add a `Response` section for AWS. The first article can be on revoking IAM creds/sessions. See [here](https://aws.amazon.com/blogs/security/anatomy-of-a-ransomware-event-targeting-data-in-amazon-s3/) for inspiration.