Cloud
Last updated
Last updated
Credential Harvesting.
Exploiting weak permissions on public assets, such as public storage buckets.
Cloud malware injection attacks focus on on-path attacks that redirect users to attackers instances of cloud services. Traditionally, this would be accomplished using a cross-site scripting attack, but injecting malicious code into service or code pipelines or otherwise adding malicious tools into existing cloud infrastructure can also be pathways to accomplishing this task.
Resource exhaustion and denial-of- service attacks.
Direct-to-origin (D20) attacks are a form of distributed denial-of-service attack that work to bypass content delivery networks (CDNs) or other load distribution and proxying tools and attack the underlying service infrastructure.
is an open source, multicloud auditing tool. It leverages APIs to gather configuration data. Since it uses API access, it needs an appropriately privileged system that can make the API calls it uses for auditing. It includes default rulesets that are intended to identify common misconfigurations as well as supporting the ability to write your own custom rules to identify issues that you may want to keep track of.
is a cloud enumeration tool designed to identify applications and storage in multiple cloud provider environments. CloudBrute will run without credentials and is designed to try common brute-force techniques to help enumerate cloud resources like word lists and mutation capabilities.
is an Amazon AWS-specific exploitation framework. It uses multiple modules to perform actions like testing for privilege escalation or disrupting monitoring efforts. It can also implant backdoors via IAM user account modification and security groups, and it has tools built in to provide remote code execution capabilities using AWS native system management tools.
can be used for auditing and security.