Common Cloud Attack Methods

  • Credential Harvesting.

  • Exploiting weak permissions on public assets, such as public storage buckets.

  • Cloud malware injection attacks focus on on-path attacks that redirect users to attackers instances of cloud services. Traditionally, this would be accomplished using a cross-site scripting attack, but injecting malicious code into service or code pipelines or otherwise adding malicious tools into existing cloud infrastructure can also be pathways to accomplishing this task.

  • Resource exhaustion and denial-of- service attacks.

  • Direct-to-origin (D20) attacks are a form of distributed denial-of-service attack that work to bypass content delivery networks (CDNs) or other load distribution and proxying tools and attack the underlying service infrastructure.

Common Cloud Auditing and Pentesting Tools

  • ScoutSuite is an open source, multicloud auditing tool. It leverages APIs to gather configuration data. Since it uses API access, it needs an appropriately privileged system that can make the API calls it uses for auditing. It includes default rulesets that are intended to identify common misconfigurations as well as supporting the ability to write your own custom rules to identify issues that you may want to keep track of.

  • CloudBrute is a cloud enumeration tool designed to identify applications and storage in multiple cloud provider environments. CloudBrute will run without credentials and is designed to try common brute-force techniques to help enumerate cloud resources like word lists and mutation capabilities.

  • Pacu is an Amazon AWS-specific exploitation framework. It uses multiple modules to perform actions like testing for privilege escalation or disrupting monitoring efforts. It can also implant backdoors via IAM user account modification and security groups, and it has tools built in to provide remote code execution capabilities using AWS native system management tools.

  • CloudCustodian can be used for auditing and security.

Last updated