微信扫一扫加我哦~
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/
aws/cve-2021-38112-aws-workspaces-rce/
rhinosecuritylabs.com/aws/cloud-malware-cloudformation-injection/
https://rhinosecuritylabs.com/aws/exploring-aws-ebs-snapshots/
cloud-security/cloudgoat-aws-ecs_efs_attack/
cloud-security/kubelet-tls-bootstrap-privilege-escalation/
weaponizing-ecs-task-definitions-steal-credentials-running-containers/
cloud-security/cloudgoat-aws-scenario-ec2_ssrf/
aws/pillaging-ecs-task-definitions-two-new-pacu-modules/
https://rhinosecuritylabs.com/aws/abusing-vpc-traffic-mirroring-in-aws/
https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/
https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/
https://rhinosecuritylabs.com/aws/mfa-phishing-on-aws/
aws/aws-privilege-escalation-methods-mitigation/
penetration-testing/penetration-testing-aws-storage/
https://rhinosecuritylabs.com/aws/cloud-security-csv-injection-aws-cloudtrail/
amazon-aws-misconfiguration-amazon-go/
https://payatu.com/blog/mayank.arora/iam_privilege_escalation_attack
https://bishopfox.com/blog/aws-iam-privilege-escalation-playground
https://bishopfox.com/blog/5-privesc-attack-vectors-in-aws
https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/
inside-a-privilege-escalation-attack-via-amazon-web-services-ec2/
https://pentestbook.six2dez.com/enumeration/cloud/aws
Shadow-admin-permissions-and-your-AWS-account
gaining-aws-console-access-via-api-keys/
automate-aws-ami-creation-for-ec2-and-copy-to-other-region-or-disaster-recovery
connect-to-your-ec2-instance-using-ssh-the-modern-way/
golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
blog.sygnia.co/detection-and-hunting-of-golden-saml-attack
cloudcopy-stealing-hashes-from-domain-controllers-in-the-cloud
Methodology%20and%20Resources/Cloud%20-%20AWS%20Pentest
https://rhinosecuritylabs.com/aws/cloudgoat-walkthrough-rce_web_app/
cloud-security-risks-part-1-azure-csv-injection-vulnerability/
security-saas-companies-leveraging-infosec-business-value/
rhinosecuritylabs.com/cloud-security/common-azure-security-vulnerabilities/
https://zigmax.net/enumerate-valid-emails-accounts%EF%BF%BC/
cloud-penetration-testing/enumerating-azure-services/
Subdomain-Takeover-Azure-CDN.html
https://pentestbook.six2dez.com/enumeration/cloud/azure
azure-active-directory-account-enumeration/
abusing-microsofts-azure-domains-host-phishing-attacks
microsoft-entra-azure-ad/defending-against-the-evilginx2-mfa-bypass/mp/501719
defending-against-evilginx2-in-office-365/
https://www.alteredsecurity.com/post/introduction-to-365-stealer
detection-and-mitigation-consent-grant-attacks-azuread/
password-spray-from-attack-to-detection-and-prevention-87c48cede0c0
protecting-against-password-spray-attacks-with-azure-sentinel-and-azure-ad/
ateral-movement-to-the-cloud-pass-the-prt/
pass-the-prt-attack-and-detection-by-microsoft-defender-for
https://medium.com/@mor2464/azure-ad-pass-the-certificate
https://codez.deedx.cz/posts/how-to-ssh-into-web-app-instance/
attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a
undetected-azure-active-directory-brute-force-attacks
https://medium.com/hackernoon/azure-brute-farce-17e27dc05f85
https://secwise.be/how-to-bypass-mfa-in-azure-and-o365-part-1/
github.com/toniblyx/my-arsenal-of-aws-security-tools
https://github.com/blackbotsecurity/AWS-Attack
https://github.com/awslabs/aws-cloudsaga
https://github.com/awslabs/aws-support-tools
https://github.com/0xVariable/AWS-Security-Tools
https://cybersecurityup.github.io/awstrm/index.html
CloudPentestCheatsheets/blob/master/cheatsheets/AWS.md
https://github.com/RhinoSecurityLabs/cloudgoat
Invoke-EnumerateAzureBlobs.ps1
https://microsoft.github.io/Azure-Threat-Research-Matrix/
https://github.com/Cloud-Architekt/AzureAD-攻击-防御
CloudPentestCheatsheets/blob/master/cheatsheets
https://github.com/Kyuu-Ji/Awesome-Azure-Pentest
https://github.com/ine-labs/AzureGoat
https://github.com/kmcquade/awesome-azure-security
https://github.com/nccgroup/azucar
点击QQ咨询
