# Cloud

## Common Cloud Attack Methods

* Credential Harvesting.
* Exploiting weak permissions on public assets, such as public storage buckets.
* Cloud malware injection attacks focus on on-path attacks that redirect users to attackers instances of cloud services. Traditionally, this would be accomplished using a cross-site scripting attack, but injecting malicious code into service or code pipelines or otherwise adding malicious tools into existing cloud infrastructure can also be pathways to accomplishing this task.
* Resource exhaustion and denial-of- service attacks.
* Direct-to-origin (D20) attacks are a form of distributed denial-of-service attack that work to bypass content delivery networks (CDNs) or other load distribution and proxying tools and attack the underlying service infrastructure.

### Common Cloud Auditing and Pentesting Tools

* [ScoutSuite](https://github.com/nccgroup/ScoutSuite) is an open source, multicloud auditing tool. It leverages APIs to gather configuration data. Since it uses API access, it needs an appropriately privileged system that can make the API calls it uses for auditing. It includes default rulesets that are intended to identify common misconfigurations as well as supporting the ability to write your own custom rules to identify issues that you may want to keep track of.
* [CloudBrute](https://github.com/0xsha/CloudBrute) is a cloud enumeration tool designed to identify applications and storage in multiple cloud provider environments. CloudBrute will run without credentials and is designed to try common brute-force techniques to help enumerate cloud resources like word lists and mutation capabilities.
* [Pacu](https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/) is an Amazon AWS-specific exploitation framework. It uses multiple modules to perform actions like testing for privilege escalation or disrupting monitoring efforts. It can also implant backdoors via IAM user account modification and security groups, and it has tools built in to provide remote code execution capabilities using AWS native system management tools.
* [CloudCustodian](https://cloudcustodian.io/) can be used for auditing and security.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://itrp19-notes.gitbook.io/notes/reference/hacking/cloud.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.