HackTricks Cloud

585 pages
HackTricks Cloud
Hacktricks logos & motion designed by @ppieranacho. …
Pentesting CI/CD Methodology
VCS VCS stands for Version Control System, …
Abusing Docker Build Context in Hosted Builders (Path Traversal, Exfil, and Cloud Pivot)
Gitblit Security
What is Gitblit Gitblit is a self‑hosted Git server w…
Gitblit Embedded SSH Auth Bypass (CVE-2024-28080)
Summary CVE-2024-280…
Github Security
What is Github (From here) At a high level, GitHub is…
Abusing Github Actions
Tools The following tools are useful to find…
Gh Actions - Artifact Poisoning
GH Actions - Cache Poisoning
Overview The GitHub Actions cache is g…
Gh Actions - Context Script Injections
Understanding the risk GitHu…
Accessible Deleted Data in Github
These ways to access data from Github…
Basic Github Information
Basic Structure The basic github environment …
Gitea Security
What is Gitea Gitea is a self-hosted community managed …
Basic Gitea Information
Basic Structure The basic Gitea environment st…
Concourse Security
Basic Information Concourse allows you to build pip…
Concourse Architecture
Concourse Architecture Relevant data from Conco…
Concourse Lab Creation
Testing Environment Running Concourse With Dock…
Concourse Enumeration & Attacks
CircleCI Security
Basic Information CircleCI is a Continuous Integration p…
TravisCI Security
What is TravisCI Travis CI is a hosted or on premise…
Basic TravisCI Information
Access TravisCI directly integrates with di…
Jenkins Security
Basic Information Jenkins is a tool that offers a str…
Basic Jenkins Information
Access Username + Password The most common w…
Jenkins RCE with Groovy Script
Jenkins RCE with Groovy Script This is …
Jenkins RCE Creating/Modifying Project
Creating a Project This method …
Jenkins RCE Creating/Modifying Pipeline
Creating a new Pipeline In "Ne…
Jenkins Arbitrary File Read to RCE via "Remember Me"
In this blog post…
Jenkins Dumping Secrets from Groovy
⚠️ Warning Note that these scripts…
Apache Airflow Security
Basic Information Apache Airflow serves as a p…
Airflow Configuration
Configuration File Apache Airflow generates a co…
Airflow RBAC
RBAC (From the docs)[https://airflow.apache.org/docs/apac…
Terraform Security
Basic Information From the docs: HashiCorp Terraform i…
Atlantis Security
Basic Information Atlantis basically helps you to run…
Cloudflare Security
In a Cloudflare account there are some general set…
Cloudflare Domains
In each TLD configured in Cloudflare there are some…
Abusing Cloudflare Workers as pass-through proxies (IP rotation, FireProx-style)
Cloudflare Zero Trust Network
In a Cloudflare Zero Trust Network accou…
Okta Security
Basic Information Okta, Inc. is recognized in the identi…
Okta Hardening
Directory People From an attacker's perspective, this is…
Serverless.com Security
Basic Information Organization An Organization is…
Supabase Security
Basic Information As per their landing page: Supabase …
Chef Automate Security
What is Chef Automate Chef Automate is a platfo…
Chef Automate Enumeration & Attacks
Overview This page collects pr…
Vercel
Basic Information In Vercel a Team is the complete environment tha…
Ansible Tower / AWX / Automation controller Security
Basic Information An…
TODO
Github PRs are welcome explaining how to (ab)use those platforms fro…
Pentesting Cloud Methodology
Basic Methodology Each cloud has its own pec…
LUKS2 Header Malleability and Null-Cipher Abuse in Confidential VMs
Kubernetes Pentesting
Kubernetes Basics If you don't know anything abo…
Kubernetes Basics
The original author of this page is Jorge (read his …
Pentesting Kubernetes Services
Kubernetes uses several specific net…
Kubelet Authentication & Authorization
Kubelet Authentication F…
Exposing Services in Kubernetes
There are different ways to expose ser…
Attacking Kubernetes from inside a Pod
Pod Breakout If you are lucky e…
Kubernetes Enumeration
Kubernetes Tokens If you have compromised acces…
Kubernetes Role-Based Access Control(RBAC)
Role-Based Access Control (…
Abusing Roles/ClusterRoles in Kubernetes
Here you can find some pot…
Pod Escape Privileges
Privileged and hostPID With these privileges …
Kubernetes Roles Abuse Lab
You can run these labs just inside minik…
Kubernetes Namespace Escalation
In Kubernetes it's pretty common that …
External Secret Operator
The original author of this page is Fares Thi…
Kubernetes Pivoting to Clouds
GCP If you are running a k8s cluster ins…
Kubernetes Network Attacks
Introduction In Kubernetes, it is observed …
Kubernetes Hardening
Tools to analyse a cluster Steampipe - Kuberne…
Kubernetes SecurityContext(s)
PodSecurityContext From the docs: Whe…
Kubernetes - OPA Gatekeeper
The original author of this page is Gui…
Kubernetes OPA Gatekeeper bypass
The original author of this page i…
Kubernetes Kyverno
The original author of this page is Guillaume De…
Kubernetes Kyverno bypass
The original author of this page is Guill…
Kubernetes ValidatingWebhookConfiguration
The original author of this …
GCP Pentesting
Basic Information Before you start pentesting a GCP environ…
GCP - Basic Information
Resource hierarchy Google Cloud uses a Reso…
GCP - Federation Abuse
OIDC - Github Actions Abuse GCP In order to …
GCP - Permissions for a Pentest
If you want to pentest a GCP environme…
GCP - Post Exploitation
GCP - Apigee Post Exploitation
Apigee metadata SSRF -> Dataflow …
GCP - App Engine Post Exploitation
App Engine For information about…
GCP - Artifact Registry Post Exploitation
Artifact Registry For mor…
GCP - Bigtable Post Exploitation
Bigtable For more information abou…
GCP - Cloud Build Post Exploitation
Cloud Build For more informatio…
GCP - Cloud Functions Post Exploitation
Cloud Functions Find some i…
GCP - Cloud Run Post Exploitation
Cloud Run For more information ab…
GCP - Cloud Shell Post Exploitation
Cloud Shell For more informatio…
GCP - Cloud SQL Post Exploitation
Cloud SQL For more information ab…
GCP - Compute Post Exploitation
Compute For more information about …
GCP - Dataflow Post Exploitation
Dataflow For more information abou…
GCP - Filestore Post Exploitation
Filestore For more information ab…
GCP - IAM Post Exploitation
IAM You can find further information ab…
GCP - KMS Post Exploitation
KMS Find basic information about KMS in…
GCP - Logging Post Exploitation
Basic Information For more informat…
GCP - Monitoring Post Exploitation
Monitoring For more information…
GCP - Pub/Sub Post Exploitation
Pub/Sub For more information about …
GCP - Secretmanager Post Exploitation
Secretmanager For more inform…
GCP - Security Post Exploitation
Security For more information chec…
GCP - Vertex AI Post Exploitation
Vertex AI Agent Engine / Reasonin…
GCP - Workflows Post Exploitation
Workflow Basic information: …
GCP - Storage Post Exploitation
Cloud Storage For more information …
GCP - Privilege Escalation
Introduction to GCP Privilege Escalation…
GCP - AppEngine Privesc
App Engine For more information about App E…
GCP - Artifact Registry Privesc
Artifact Registry For more informat…
GCP - Batch Privesc
Batch Basic information: …
GCP - BigQuery Privesc
BigQuery For more information about BigQuery…
GCP - Bigtable Privesc
Bigtable For more information about Bigtable…
GCP - ClientAuthConfig Privesc
Create OAuth Brand and Client Accord…
GCP - Cloud Workstations Privesc
Container Breakout via Docker Sock…
GCP - Cloudbuild Privesc
cloudbuild For more information about Clou…
GCP - Cloudfunctions Privesc
cloudfunctions More information about …
GCP - Cloudidentity Privesc
Cloudidentity For more information abou…
GCP - Cloud Scheduler Privesc
Cloud Scheduler More information in: …
GCP - Cloud Tasks Privesc
Cloud Tasks cloudtasks.tasks.create, iam…
GCP - Compute Privesc
Compute For more information about Compute…
GCP - Add Custom SSH Metadata
Modifying the metadata Metadata mo…
GCP - Composer Privesc
composer More info in: …
GCP - Container Privesc
container container.clusters.get This permi…
GCP Dataproc Privilege Escalation
GCP - Dataflow Privilege Escalation
GCP - Deploymentmanager Privesc
deploymentmanager deploymentmanager…
GCP - IAM Privesc
IAM Find more information about IAM in: …
GCP - KMS Privesc
KMS Info about KMS: …
GCP - Firebase Privesc
Firebase Unauthenticated access to Firebase …
GCP - Orgpolicy Privesc
orgpolicy orgpolicy.policy.set An attacker …
GCP - Pubsub Privesc
PubSub Get more information in: …
GCP - Resourcemanager Privesc
resourcemanager resourcemanager.organ…
GCP - Run Privesc
Cloud Run For more information about Cloud Run ch…
GCP - Secretmanager Privesc
secretmanager For more information abou…
GCP - Serviceusage Privesc
serviceusage The following permissions a…
GCP - Sourcerepos Privesc
Source Repositories For more information …
GCP - Storage Privesc
Storage Basic Information: …
GCP - Vertex AI Privesc
Vertex AI For more information about Vertex…
GCP - Workflows Privesc
Workflows Basic Information: …
GCP - Generic Permissions Privesc
Generic Interesting Permissions *…
GCP - Network Docker Escape
Initial State In both writeups where th…
GCP - local privilege escalation ssh pivoting
In this scenario we a…
GCP - Persistence
GCP - API Keys Persistence
API Keys For more information about API …
GCP - App Engine Persistence
App Engine For more information about …
GCP - Artifact Registry Persistence
Artifact Registry For more info…
GCP - BigQuery Persistence
BigQuery For more information about BigQ…
GCP - Bigtable Persistence
Bigtable For more information about Bigt…
GCP - Cloud Functions Persistence
Cloud Functions For more info abo…
GCP - Cloud Run Persistence
Cloud Run For more information about Cl…
GCP - Cloud Shell Persistence
Cloud Shell For more information chec…
GCP - Cloud SQL Persistence
Cloud SQL For more information about Cl…
GCP - Compute Persistence
Compute For more information about Comput…
GCP - Dataflow Persistence
Dataflow Invisible persistence in built …
GCP - Filestore Persistence
Filestore For more information about Fi…
GCP - Logging Persistence
Logging Find more information about Loggi…
GCP - Secret Manager Persistence
Secret Manager Find more informati…
GCP - Storage Persistence
Storage For more information about Cloud …
GCP - Token Persistence
Authenticated User Tokens To get the curren…
GCP - Services
GCP - AI Platform Enum
AI Platform Google AI Platform is another " …
GCP - API Keys Enum
Basic Information In Google Cloud Platform (GCP…
GCP - App Engine Enum
Basic Information Google Cloud Platform's (GC…
GCP - Artifact Registry Enum
Basic Information Google Cloud Artifac…
GCP - Batch Enum
Basic Information Google Cloud Platform (GCP) Batc…
GCP - Bigquery Enum
Basic Information Google Cloud BigQuery is a fu…
GCP - Bigtable Enum
Bigtable Google Cloud Bigtable is a fully manag…
GCP - Cloud Build Enum
Basic Information Google Cloud Build is a ma…
GCP - Cloud Functions Enum
Cloud Functions Google Cloud Functions a…
GCP - Cloud Run Enum
Cloud Run Cloud Run is a serverless managed co…
GCP - Cloud Shell Enum
Basic Information Google Cloud Shell is an i…
GCP - Cloud SQL Enum
Basic Information Google Cloud SQL is a manage…
GCP - Cloud Scheduler Enum
Basic Information Google Cloud Scheduler…
GCP - Compute Enum
GCP VPC & Networking Learn about how this…
GCP - Compute Instances
Basic Information Google Cloud Compute I…
GCP - VPC & Networking
GCP Compute Networking in a Nutshell …
GCP - Composer Enum
Basic Information Google Cloud Composer is a fu…
GCP - Containers & GKE Enum
Containers In GCP containers you ca…
GCP - Dataflow Enum
Basic Information Google Cloud Dataflow is a fu…
GCP - Dataproc Enum
Basic Information Google Cloud Dataproc is a fu…
GCP - DNS Enum
GCP - Cloud DNS Google Cloud DNS is a high-performan…
GCP - Filestore Enum
Basic Information Google Cloud Filestore is a …
GCP - Firebase Enum
Firebase The Firebase Realtime Database is a cl…
GCP - Firestore Enum
Cloud Firestore Cloud Firestore, provided by F…
GCP - IAM, Principals & Org Policies Enum
Service Accounts For …
GCP - KMS Enum
KMS The Cloud Key Management Service serves as a sec…
GCP - Logging Enum
Basic Information This service allows users to s…
GCP - Memorystore Enum
Memorystore Reduce latency with scalable, se…
GCP - Monitoring Enum
Basic Information Google Cloud Monitoring off…
GCP - Pub/Sub Enum
Pub/Sub Google Cloud Pub/Sub is described as a s…
GCP - Secrets Manager Enum
Secret Manager Google Secret Manager is …
GCP - Security Enum
Basic Information Google Cloud Platform (GCP) S…
GCP - Source Repositories Enum
Basic Information Google Cloud Sourc…
GCP - Spanner Enum
Cloud Spanner Fully managed relational database …
GCP - Stackdriver Enum
Stackdriver logging Stackdriver is recognize…
GCP - Storage Enum
Storage Google Cloud Platform (GCP) Storage is a…
GCP - Vertex AI Enum
Vertex AI Vertex AI is Google Cloud's unified …
GCP - Workflows Enum
Basic Information Google Cloud Platform (GCP) …
GCP <--> Workspace Pivoting
From GCP to GWS Domain Wide Deleg…
GCP - Understanding Domain-Wide Delegation
This post is the introdu…
GCP - Unauthenticated Enum & Access
Public Assets Discovery One…
GCP - API Keys Unauthenticated Enum
API Keys For more information a…
GCP - App Engine Unauthenticated Enum
App Engine For more informati…
GCP - Artifact Registry Unauthenticated Enum
Artifact Registry For …
GCP - Cloud Build Unauthenticated Enum
Cloud Build For more informa…
GCP - Cloud Functions Unauthenticated Enum
Cloud Functions More inf…
GCP - Cloud Run Unauthenticated Enum
Cloud Run For more information…
GCP - Cloud SQL Unauthenticated Enum
Cloud SQL For more information…
GCP - Compute Unauthenticated Enum
Compute For more information abo…
GCP - IAM, Principals & Org Unauthenticated Enum
Iam & GCP …
GCP - Source Repositories Unauthenticated Enum
GCP - Storage Unauthenticated Enum
Storage For more information …
GCP - Public Buckets Privilege Escalation
GWS - Workspace Pentesting
Entry Points Google Platforms and OAuth App…
GWS - Post Exploitation
Google Groups Privesc By default in workspace …
GWS - Persistence
⚠️ Caution All the actions mentioned in this section…
GWS - Workspace Sync Attacks (GCPW, GCDS, GPS, Directory Sync with AD & EntraID)
GWS - Admin Directory Sync
Basic Information The main difference be…
GCDS - Google Cloud Directory Sync
Basic Information This is a tool…
GCPW - Google Credential Provider for Windows
Basic Information Thi…
GPS - Google Password Sync
Basic Information This is the binary and…
GWS - Google Platforms Phishing
Generic Phishing Methodology …
GWS - App Scripts
App Scripts App Scripts is code that will be trig…
AWS Pentesting
Basic Information Before start pentesting an AWS enviro…
AWS - Basic Information
Organization Hierarchy Accounts I…
AWS - Federation Abuse
SAML For info about SAML please check: …
AWS - Permissions for a Pentest
These are the permissions you need on …
AWS - Persistence
AWS - API Gateway Persistence
API Gateway For more information g…
AWS - Cloudformation Persistence
CloudFormation For more informa…
AWS - Cognito Persistence
Cognito For more information, access: …
AWS - DynamoDB Persistence
DynamoDB For more information access:…
AWS - EC2 Persistence
EC2 For more information check: …
AWS - EC2 ReplaceRootVolume Task (Stealth Backdoor / Persistence)
AWS - ECR Persistence
ECR For more information check: …
AWS - ECS Persistence
ECS For more information check: …
AWS - Elastic Beanstalk Persistence
Elastic Beanstalk For more i…
AWS - EFS Persistence
EFS For more information check: …
AWS - IAM Persistence
IAM For more information access: …
AWS - KMS Persistence
KMS For more information check: …
AWS - Lambda Persistence
Lambda For more information check: …
AWS - Abusing Lambda Extensions
Lambda Extensions Lambda extensi…
AWS - Lambda Alias-Scoped Resource Policy Backdoor (Invoke specific hidden version)
AWS - Lambda Async Self-Loop Persistence via Destinations + Recursion Allow
AWS - Lambda Layers Persistence
Lambda Layers A Lambda layer is …
AWS - Lambda Exec Wrapper Layer Hijack (Pre-Handler RCE)
Summary…
AWS - Lightsail Persistence
Lightsail For more information check…
AWS - RDS Persistence
RDS For more information check: …
AWS - S3 Persistence
S3 For more information check: …
AWS - SageMaker Persistence
Overview of Persistence Techniques T…
AWS - SNS Persistence
SNS For more information check: …
AWS - Secrets Manager Persistence
Secrets Manager For more info …
AWS - SQS Persistence
SQS For more information check: …
AWS - SQS DLQ Backdoor Persistence via RedrivePolicy/RedriveAllowPolicy
AWS - SQS OrgID Policy Backdoor
Abuse an SQS queue resource poli…
AWS - SSM Persistence
SSM For more information check: …
AWS - Step Functions Persistence
Step Functions For more informa…
AWS - STS Persistence
STS For more information access: …
AWS - Post Exploitation
AWS - API Gateway Post Exploitation
API Gateway For more informa…
AWS - Bedrock Post Exploitation
AWS - Bedrock Agents Memory Pois…
AWS - CloudFront Post Exploitation
CloudFront For more informati…
AWS - CodeBuild Post Exploitation
CodeBuild For more information…
AWS Codebuild - Token Leakage
Recover Github/Bitbucket Configure…
AWS CodeBuild - Untrusted PR Webhook Bypass (CodeBreach-style)
T…
AWS - Control Tower Post Exploitation
Control Tower …
AWS - DLM Post Exploitation
Data Lifecycle Manager (DLM) EC2:Desc…
AWS - DynamoDB Post Exploitation
DynamoDB For more information c…
AWS - EC2, EBS, SSM & VPC Post Exploitation
EC2 & VPC Fo…
AWS - EBS Snapshot Dump
Checking a snapshot locally # Install de…
AWS – Covert Disk Exfiltration via AMI Store-to-S3 (CreateStoreImageTask)
AWS - Live Data Theft via EBS Multi-Attach
Summary Abuse EBS Mul…
AWS - EC2 Instance Connect Endpoint backdoor + ephemeral SSH key injection
AWS – EC2 ENI Secondary Private IP Hijack (Trust/Allowlist Bypass)
AWS - Elastic IP Hijack for Ingress/Egress IP Impersonation
Summ…
AWS - Security Group Backdoor via Managed Prefix Lists
Summary A…
AWS – Egress Bypass from Isolated Subnets via VPC Endpoints
Summ…
AWS - VPC Flow Logs Cross-Account Exfiltration to S3
Summary Abu…
AWS - Malicious VPC Mirror
Check https://rhinosecuritylabs.com/a…
AWS - ECR Post Exploitation
ECR For more information check …
AWS - ECS Post Exploitation
ECS For more information check: …
AWS - EFS Post Exploitation
EFS For more information check: …
AWS - EKS Post Exploitation
EKS For more information check …
AWS - Elastic Beanstalk Post Exploitation
Elastic Beanstalk For …
AWS - IAM Post Exploitation
IAM For more information about IAM a…
AWS - KMS Post Exploitation
KMS For more information check: …
AWS - Lambda Post Exploitation
Lambda For more information check…
AWS Lambda – EFS Mount Injection via UpdateFunctionConfiguration (Data Theft)
AWS - Hijack Event Source Mapping to Redirect Stream/SQS/Kinesis to Attacker Lambda
AWS - Lambda Function URL Public Exposure (AuthType NONE + Public Invoke Policy)
AWS Lambda – Log Siphon via LoggingConfig.LogGroup Redirection
A…
AWS Lambda – Runtime Pinning/Rollback Abuse via PutRuntimeManagementConfig
AWS - Steal Lambda Requests
Lambda Flow Slicer is a process outs…
AWS Lambda – VPC Egress Bypass by Detaching VpcConfig
Force a La…
AWS - Lightsail Post Exploitation
Lightsail For more information…
AWS MWAA Execution Role Account Wildcard Vulnerability
The Vulne…
AWS - Organizations Post Exploitation
Organizations For more inf…
AWS - RDS Post Exploitation
RDS For more information check: …
AWS - SageMaker Post-Exploitation
SageMaker endpoint data siphon…
SageMaker Feature Store online store poisoning
Abuse sagemaker:P…
AWS - S3 Post Exploitation
S3 For more information check: …
AWS - Secrets Manager Post Exploitation
Secrets Manager For more…
AWS - SES Post Exploitation
SES For more information check: …
AWS - SNS Post Exploitation
SNS For more information: …
AWS - SNS Message Data Protection Bypass via Policy Downgrade
If…
SNS FIFO Archive Replay Exfiltration via Attacker SQS FIFO Subscription
AWS - SNS to Kinesis Firehose Exfiltration (Fanout to S3)
Abuse …
AWS - SQS Post Exploitation
SQS For more information check: …
AWS – SQS DLQ Redrive Exfiltration via StartMessageMoveTask
Desc…
AWS – SQS Cross-/Same-Account Injection via SNS Subscription + Queue Policy
AWS - SSO & identitystore Post Exploitation
SSO & identi…
AWS - Step Functions Post Exploitation
Step Functions For more i…
AWS - STS Post Exploitation
STS For more information: …
AWS - VPN Post Exploitation
VPN For more information: …
AWS - WorkMail Post Exploitation
Abusing WorkMail to bypass SES …
AWS - Privilege Escalation
AWS Privilege Escalation The way to esca…
AWS - Apigateway Privesc
Apigateway For more information check: …
AWS - AppRunner Privesc
AppRunner iam:PassRole, apprunner:Creat…
AWS - Bedrock PrivEsc
Amazon Bedrock AgentCore bedrock-agentcore…
AWS - Chime Privesc
chime:CreateApiKey TODO …
AWS - CloudFront Privesc
CloudFront cloudfront:UpdateDistributio…
AWS - Codebuild Privesc
codebuild Get more info in: …
AWS - Codepipeline Privesc
codepipeline For more info about code…
AWS - Codestar Privesc
Codestar You can find more information ab…
codestar:CreateProject, codestar:AssociateTeamMember
This is the…
iam:PassRole, codestar:CreateProject
With these permissions you …
AWS - Cloudformation Privesc
cloudformation For more information…
iam:PassRole, cloudformation:CreateStack, and cloudformation:DescribeStacks
AWS - Cognito Privesc
Cognito For more info about Cognito check:…
AWS - Datapipeline Privesc
datapipeline For more info about data…
AWS - Directory Services Privesc
Directory Services For more inf…
AWS - DynamoDB Privesc
dynamodb For more info about dynamodb che…
AWS - EBS Privesc
EBS ebs:ListSnapshotBlocks, ebs:GetSnapshotBl…
AWS - EC2 Privesc
EC2 For more info about EC2 check: …
AWS - ECR Privesc
ECR ecr:GetAuthorizationToken, ecr:BatchGetIm…
AWS - ECS Privesc
ECS More info about ECS in: …
AWS - EFS Privesc
EFS More info about EFS in: …
AWS - Elastic Beanstalk Privesc
Elastic Beanstalk More info abou…
AWS - EMR Privesc
EMR More info about EMR in: …
AWS - EventBridge Scheduler Privesc
EventBridge Scheduler More i…
AWS - Gamelift
gamelift:RequestUploadCredentials With this permi…
AWS - Glue Privesc
glue iam:PassRole, glue:CreateDevEndpoint, …
AWS - IAM Privesc
IAM For more info about IAM check: …
AWS - KMS Privesc
KMS For more info about KMS check: …
AWS - Lambda Privesc
lambda More info about lambda in: …
AWS - Lightsail Privesc
Lightsail For more information about Lig…
AWS - Macie Privesc
Macie For more information about Macie check…
AWS - Mediapackage Privesc
mediapackage:RotateChannelCredentials…
AWS - MQ Privesc
MQ For more information about MQ check: …
AWS - MSK Privesc
MSK For more information about MSK (Kafka) che…
AWS - RDS Privesc
RDS - Relational Database Service For more inf…
AWS - Redshift Privesc
Redshift For more information about RDS c…
AWS - Route53 Privesc
For more information about Route53 check: …
AWS - SNS Privesc
SNS For more information check: …
AWS - SQS Privesc
SQS For more information check: …
AWS - SSO & identitystore Privesc
AWS Identity Center / AWS …
AWS - Organizations Privesc
Organizations For more information c…
AWS - S3 Privesc
S3 s3:PutBucketNotification, s3:PutObject, s3…
AWS - Sagemaker Privesc
AWS - Sagemaker Privesc iam:PassRole, s…
AWS - Secrets Manager Privesc
Secrets Manager For more info abou…
AWS - SSM Privesc
SSM For more info about SSM check: …
AWS - Step Functions Privesc
Step Functions For more information…
AWS - STS Privesc
STS sts:AssumeRole Every role is created with …
AWS - WorkDocs Privesc
WorkDocs For more info about WorkDocs che…
AWS - Services
Types of services Container services Services that f…
AWS - Security & Detection Services
AWS - CloudTrail Enum
CloudTrail AWS CloudTrail records and moni…
AWS - CloudWatch Enum
CloudWatch CloudWatch collects monitoring …
AWS - Config Enum
AWS Config AWS Config capture resource changes…
AWS - Control Tower Enum
Control Tower 📝 Note In summary, Contro…
AWS - Cost Explorer Enum
Cost Explorer and Anomaly detection Thi…
AWS - Detective Enum
Detective Amazon Detective streamlines the …
AWS - Firewall Manager Enum
Firewall Manager AWS Firewall Manage…
AWS - GuardDuty Enum
GuardDuty According to the docs: GuardDuty…
AWS - Inspector Enum
Inspector Amazon Inspector is an advanced, …
AWS - Security Hub Enum
Security Hub Security Hub collects secur…
AWS - Shield Enum
Shield AWS Shield has been designed to help pr…
AWS - Trusted Advisor Enum
AWS Trusted Advisor Overview Trusted …
AWS - WAF Enum
AWS WAF AWS WAF is a web application firewall des…
AWS - API Gateway Enum
API Gateway Basic Information AWS API Gatewa…
AWS - Bedrock
Overview Amazon Bedrock is a fully managed service th…
AWS - Certificate Manager (ACM) & Private Certificate Authority (PCA)
AWS - CloudFormation & Codestar Enum
CloudFormation AWS CloudFo…
AWS - CloudHSM Enum
HSM - Hardware Security Module Cloud HSM is a F…
AWS - CloudFront Enum
CloudFront CloudFront is AWS's content delive…
AWS - Codebuild Enum
CodeBuild AWS CodeBuild is recognized as a ful…
AWS - Cognito Enum
Cognito Amazon Cognito is utilized for authen…
Cognito Identity Pools
Basic Information Identity pools serve a …
Cognito User Pools
Basic Information A user pool is a user direc…
AWS - DataPipeline, CodePipeline & CodeCommit Enum
DataPipeline…
AWS - Directory Services / WorkDocs Enum
Directory Services AWS Dir…
AWS - DocumentDB Enum
DocumentDB Amazon DocumentDB, offering com…
AWS - DynamoDB Enum
DynamoDB Basic Information Amazon DynamoDB is p…
AWS - EC2, EBS, ELB, SSM, VPC & VPN Enum
VPC & Networkin…
AWS - Nitro Enum
Basic Information AWS Nitro is a suite of innov…
AWS - VPC & Networking Basic Information
AWS Networking in a…
AWS - ECR Enum
ECR Basic Information Amazon Elastic Container Regis…
AWS - ECS Enum
ECS Basic Information Amazon Elastic Container Servi…
AWS - EKS Enum
EKS Amazon Elastic Kubernetes Service (Amazon EKS) i…
AWS - Elastic Beanstalk Enum
Elastic Beanstalk Amazon Elastic Beans…
AWS - ElastiCache
ElastiCache AWS ElastiCache is a fully managed in…
AWS - EMR Enum
EMR AWS's Elastic MapReduce (EMR) service, starting …
AWS - EFS Enum
EFS Basic Information Amazon Elastic File System (EF…
AWS - EventBridge Scheduler Enum
EventBridge Scheduler Amazon Event…
AWS - Kinesis Data Firehose Enum
Kinesis Data Firehose Amazon Kines…
AWS - IAM, Identity Center & SSO Enum
IAM You can find a descri…
AWS - KMS Enum
KMS - Key Management Service AWS Key Management Serv…
AWS - Lambda Enum
Lambda Amazon Web Services (AWS) Lambda is descri…
AWS - Lightsail Enum
AWS - Lightsail Amazon Lightsail provides an e…
Amazon Macie
Macie Amazon Macie stands out as a service designed to…
AWS - MQ Enum
Amazon MQ Introduction to Message Brokers Message bro…
AWS - MSK Enum
Amazon MSK Amazon Managed Streaming for Apache Kafka…
AWS - Organizations Enum
Basic Information AWS Organizations facili…
AWS - Redshift Enum
Amazon Redshift Redshift is a fully managed ser…
AWS - Relational Database (RDS) Enum
Basic Information The Relation…
AWS - Route53 Enum
Route 53 Amazon Route 53 is a cloud Domain Name …
AWS - SageMaker Enum
Service Overview Amazon SageMaker is AWS' m…
AWS - Secrets Manager Enum
AWS Secrets Manager AWS Secrets Manager …
AWS - SES Enum
Basic Information Amazon Simple Email Service (Amazo…
AWS - SNS Enum
SNS Amazon Simple Notification Service (Amazon SNS) …
AWS - SQS Enum
SQS Amazon Simple Queue Service (SQS) is presented a…
AWS - S3, Athena & Glacier Enum
S3 Amazon S3 is a service that …
AWS - Step Functions Enum
Step Functions AWS Step Functions is a wo…
AWS - STS Enum
STS AWS Security Token Service (STS) is primarily de…
AWS - Other Services Enum
Directconnect Allows to connect a corpora…
AWS - Unauthenticated Enum & Access
AWS Credentials Leaks A com…
AWS - Accounts Unauthenticated Enum
Account IDs If you have a ta…
AWS - API Gateway Unauthenticated Enum
API Invoke bypass Accordi…
AWS - Cloudfront Unauthenticated Enum
Public URL template https:…
AWS - Cognito Unauthenticated Enum
Unauthenticated Cognito Cogni…
AWS - CodeBuild Unauthenticated Access
CodeBuild For more info c…
AWS - DocumentDB Unauthenticated Enum
Public URL template <na…
AWS - DynamoDB Unauthenticated Access
AWS - DynamoDB Unauthenticated Access {{#include ../../../../banners/hacktricks-training.md}} Dynamo DB For more informa…
AWS - EC2 Unauthenticated Enum
AWS - EC2 Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} EC2 & Related Services Check …
AWS - ECR Unauthenticated Enum
AWS - ECR Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} ECR For more information check: {…
AWS - ECS Unauthenticated Enum
AWS - ECS Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} ECS For more information check: {…
AWS - Elastic Beanstalk Unauthenticated Enum
AWS - Elastic Beanstalk Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} Elastic Beanstalk F…
AWS - Elasticsearch Unauthenticated Enum
AWS - Elasticsearch Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} Public URL template htt…
AWS - IAM & STS Unauthenticated Enum
AWS - IAM & STS Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} Enumerate Roles & U…
AWS - Identity Center & SSO Unauthenticated Enum
AWS - Identity Center & SSO Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} AWS Device …
AWS - IoT Unauthenticated Enum
AWS - IoT Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} Public URL template mqtt://{rando…
AWS - Kinesis Video Unauthenticated Enum
AWS - Kinesis Video Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} Public URL template htt…
AWS - Lambda Unauthenticated Access
AWS - Lambda Unauthenticated Access {{#include ../../../../banners/hacktricks-training.md}} Public Function URL It's pos…
AWS - Media Unauthenticated Enum
AWS - Media Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} Public URL template https://{ra…
AWS - MQ Unauthenticated Enum
AWS - MQ Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} Public Port RabbitMQ In case of Ra…
AWS - MSK Unauthenticated Enum
AWS - MSK Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} Public Port It's possible to expo…
AWS - RDS Unauthenticated Enum
AWS - RDS Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} RDS For more information check: {…
AWS - Redshift Unauthenticated Enum
AWS - Redshift Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} Public URL template {user_pr…
AWS - SageMaker Unauthorized Access
AWS - SageMaker Unauthorized Access {{#include ../../../../banners/hacktricks-training.md}} Presigned URLs for SageMaker…
AWS - SQS Unauthenticated Enum
AWS - SQS Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} SQS For more information about SQ…
AWS - SNS Unauthenticated Enum
AWS - SNS Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} SNS For more information about SN…
AWS - S3 Unauthenticated Enum
AWS - S3 Unauthenticated Enum {{#include ../../../../banners/hacktricks-training.md}} S3 Public Buckets A bucket is cons…
Azure Pentesting
Azure Pentesting {{#include ../../banners/hacktricks-training.md}} Basic Information Learn the basics of Azure and Entra…
Az - Basic Information
Az - Basic Information {{#include ../../../banners/hacktricks-training.md}} Organization Hierarchy Management Groups It …
Azure – Federation Abuse (GitHub Actions OIDC / Workload Identity)
Azure – Federation Abuse (GitHub Actions OIDC / Workload Identity) {{#include ../../../banners/hacktricks-training.md}} …
Az - Tokens & Public Applications
Az - Tokens & Public Applications {{#include ../../../banners/hacktricks-training.md}} Basic Information Entra ID is…
Az - Enumeration Tools
Az - Enumeration Tools {{#include ../../banners/hacktricks-training.md}} Install PowerShell in Linux 💡 Tip In Linux you …
Az - Unauthenticated Enum & Initial Entry
Az - Unauthenticated Enum & Initial Entry {{#include ../../../banners/hacktricks-training.md}} Azure Tenant Tenant E…
Az - Container Registry Unauth
Az - Container Registry Unauth {{#include ../../../banners/hacktricks-training.md}} Container Registry Unauth For more i…
Az - OAuth Apps Phishing
Az - OAuth Apps Phishing {{#include ../../../banners/hacktricks-training.md}} OAuth App Phishing Azure Applications are …
Az - Storage Unauth
Az - Storage Unauth {{#include ../../../banners/hacktricks-training.md}} Storage Unauth For more information about stora…
Az - VMs Unauth
Az - VMs Unauth {{#include ../../../banners/hacktricks-training.md}} Virtual Machines For more info about Azure Virtual …
Az - Device Code Authentication Phishing
Az - Device Code Authentication Phishing {{#include ../../../banners/hacktricks-training.md}} Check: https://o365blog.co…
Az - Password Spraying
Az - Password Spraying {{#include ../../../banners/hacktricks-training.md}} Password Spray In Azure this can be done aga…
Az - Services
Az - Services {{#include ../../../banners/hacktricks-training.md}} Portals You can find the list of Microsoft portals in…
Az - Entra ID (AzureAD) & Azure IAM
Az - Entra ID (AzureAD) & Azure IAM {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure Act…
Az - ACR
Az - ACR {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure Container Registry (ACR) is a mana…
Az - API Management
Az - API Management {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure API Management (APIM) i…
Az - Application Proxy
Az - Application Proxy {{#include ../../../banners/hacktricks-training.md}} Basic Information From the docs: Azure Activ…
Az - ARM Templates / Deployments
Az - ARM Templates / Deployments {{#include ../../../banners/hacktricks-training.md}} Basic Information From the docs: T…
Az - Automation Accounts
Az - Automation Accounts {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure Automation Account…
Az - App Services
Az - App Services {{#include ../../../banners/hacktricks-training.md}} App Service Basic Information Azure App Services …
Az - AI Foundry, AI Hubs, Azure OpenAI & AI Search
Az - AI Foundry, AI Hubs, Azure OpenAI & AI Search {{#include ../../../banners/hacktricks-training.md}} Why These Se…
Az - Cloud Shell
Az - Cloud Shell {{#include ../../../banners/hacktricks-training.md}} Azure Cloud Shell Azure Cloud Shell is an interact…
Az - Container Registry
Az - Container Registry {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure Container Registry …
Az - Container Instances
Az - Container Instances {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure Container Instance…
Az - CosmosDB
Az - CosmosDB {{#include ../../../banners/hacktricks-training.md}} Azure CosmosDB Azure Cosmos DB is a fully managed NoS…
Az - Defender
Az - Defender {{#include ../../../banners/hacktricks-training.md}} Microsoft Defender for Cloud Microsoft Defender for C…
Az - File Shares
Az - File Shares {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure Files is a fully managed c…
Az - Front Door
Az - Front Door {{#include ../../../banners/hacktricks-training.md}} RemoteAddr Bypass This blog post explains how when …
Az - Function Apps
Az - Function Apps {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure Function Apps are a serv…
Az - Intune
Az - Intune {{#include ../../../banners/hacktricks-training.md}} Basic Information Microsoft Intune is designed to strea…
Az - Key Vault
Az - Key Vault {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure Key Vault is a cloud service…
Az - Logic Apps
Az - Logic Apps {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure Logic Apps enables develope…
Az - Management Groups, Subscriptions & Resource Groups
Az - Management Groups, Subscriptions & Resource Groups {{#include ../../../banners/hacktricks-training.md}} Managem…
Az - Management Groups, Subscriptions & Resource Groups
Az - Management Groups, Subscriptions & Resource Groups {{#include ../../../banners/hacktricks-training.md}} Power A…
Az - Monitoring
Az - Monitoring {{#include ../../../banners/hacktricks-training.md}} Entra ID - Logs There are 3 types of logs available…
Az - MySQL Databases
Az - MySQL Databases {{#include ../../../banners/hacktricks-training.md}} Azure MySQL Azure Database for MySQL is a full…
Az - PostgreSQL Databases
Az - PostgreSQL Databases {{#include ../../../banners/hacktricks-training.md}} Azure PostgreSQL Azure Database for Postg…
Az - Queue Storage
Az - Queue Storage {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure Queue Storage is a servi…
Az - Defender
Az - Defender {{#include ../../../banners/hacktricks-training.md}} Microsoft Sentinel Microsoft Sentinel is a cloud-nati…
Az - Service Bus Enum
Az - Service Bus Enum {{#include ../../../banners/hacktricks-training.md}} Service Bus Azure Service Bus is a cloud-base…
Az - SQL
Az - SQL {{#include ../../../banners/hacktricks-training.md}} Azure SQL Azure SQL is a family of managed, secure, and in…
Az Static Web Apps
Az Static Web Apps {{#include ../../../banners/hacktricks-training.md}} Static Web Apps Basic Information Azure Static W…
Az - Storage Accounts & Blobs
Az - Storage Accounts & Blobs {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure Storage A…
Az - Table Storage
Az - Table Storage {{#include ../../../banners/hacktricks-training.md}} Basic Information Azure Table Storage is a NoSQL…
Az - Virtual Desktop
Az - Virtual Desktop {{#include ../../../banners/hacktricks-training.md}} Azure Virtual Desktop Virtual Desktop is a des…
Az - Virtual Machines & Network
Az - Virtual Machines & Network {{#include ../../../../banners/hacktricks-training.md}} Azure Networking Basic Info …
Az - Azure Network
Az - Azure Network {{#include ../../../../banners/hacktricks-training.md}} Basic Information Azure provides virtual netw…
Az - Permissions for a Pentest
Az - Permissions for a Pentest {{#include ../../banners/hacktricks-training.md}} To start a white box hardening review o…
Az - Lateral Movement (Cloud - On-Prem)
Az - Lateral Movement (Cloud - On-Prem) {{#include ../../../banners/hacktricks-training.md}} Basic Information This sect…
Az - Arc vulnerable GPO Deploy Script
Az - Arc vulnerable GPO Deploy Script {{#include ../../../banners/hacktricks-training.md}} Identifying the Issues Azure …
Az - Cloud Kerberos Trust
Az - Cloud Kerberos Trust {{#include ../../../banners/hacktricks-training.md}} This post is a summary of https://dirkjan…
Az - Cloud Sync
Az - Cloud Sync {{#include ../../../banners/hacktricks-training.md}} Basic Information Cloud Sync is basically the new w…
Az - Connect Sync
Az - Connect Sync {{#include ../../../banners/hacktricks-training.md}} Basic Information From the docs: Microsoft Entra …
Az - Microsoft Entra Domain Services
Az - Microsoft Entra Domain Services {{#include ../../../banners/hacktricks-training.md}} Domain Services Microsoft Entr…
Az - Federation
Az - Federation {{#include ../../../banners/hacktricks-training.md}} Basic Information From the docs: Federation is a co…
Hybrid Identity Miscellaneous Attacks
Hybrid Identity Miscellaneous Attacks {{#include ../../../banners/hacktricks-training.md}} Forcing Synchronization of En…
Az - Exchange Hybrid Impersonation (ACS Actor Tokens)
Az - Exchange Hybrid Impersonation (ACS Actor Tokens) {{#include ../../../banners/hacktricks-training.md}} Basic Informa…
Az - Local Cloud Credentials
Az - Local Cloud Credentials {{#include ../../../banners/hacktricks-training.md}} Local Token Storage and Security Consi…
Az - Pass the Certificate
Az - Pass the Certificate {{#include ../../../banners/hacktricks-training.md}} Pass the Certificate (Azure) In Azure joi…
Az - Pass the Cookie
Az - Pass the Cookie {{#include ../../../banners/hacktricks-training.md}} Why Cookies? Browser cookies are a great mecha…
Az - Primary Refresh Token (PRT)
Az - Primary Refresh Token (PRT) {{#include ../../../banners/hacktricks-training.md}} What is a Primary Refresh Token (P…
Az - PTA - Pass-through Authentication
Az - PTA - Pass-through Authentication {{#include ../../../banners/hacktricks-training.md}} Basic Information From the d…
Az - Seamless SSO
Az - Seamless SSO {{#include ../../../banners/hacktricks-training.md}} Basic Information From the docs: Azure Active Dir…
Az - Post Exploitation
Az - Post Exploitation {{#include ../../../banners/hacktricks-training.md}} {{#ref}} az-azure-ai-foundry-post-exploitati…
Azure - API Management Post-Exploitation
Azure - API Management Post-Exploitation {{#include ../../../banners/hacktricks-training.md}} Microsoft.ApiManagement/se…
Azure - AI Foundry Post-Exploitation via Hugging Face Model Namespace Reuse
Azure - AI Foundry Post-Exploitation via Hugging Face Model Namespace Reuse {{#include ../../../banners/hacktricks-train…
Az - Blob Storage Post Exploitation
Az - Blob Storage Post Exploitation {{#include ../../../banners/hacktricks-training.md}} Storage Privesc For more inform…
Az - CosmosDB Post Exploitation
Az - CosmosDB Post Exploitation {{#include ../../../banners/hacktricks-training.md}} CosmosDB Post Exploitation For more…
Az - File Share Post Exploitation
Az - File Share Post Exploitation {{#include ../../../banners/hacktricks-training.md}} File Share Post Exploitation For …
Az - Function Apps Post Exploitation
Az - Function Apps Post Exploitation {{#include ../../../banners/hacktricks-training.md}} Function Apps Post Exploitatio…
Az - Key Vault Post Exploitation
Az - Key Vault Post Exploitation {{#include ../../../banners/hacktricks-training.md}} Azure Key Vault For more informati…
Az - Logic Apps Post Exploitation
Az - Logic Apps Post Exploitation {{#include ../../../banners/hacktricks-training.md}} Logic Apps Database Post Exploita…
Az - MySQL Post Exploitation
Az - MySQL Post Exploitation {{#include ../../../banners/hacktricks-training.md}} MySQL Database Post Exploitation For m…
Az - PostgreSQL Post Exploitation
Az - PostgreSQL Post Exploitation {{#include ../../../banners/hacktricks-training.md}} PostgreSQL Database Post Exploita…
Az - Queue Storage Post Exploitation
Az - Queue Storage Post Exploitation {{#include ../../../banners/hacktricks-training.md}} Queue For more information che…
Az - Service Bus Post Exploitation
Az - Service Bus Post Exploitation {{#include ../../../banners/hacktricks-training.md}} Service Bus For more information…
Az - Table Storage Post Exploitation
Az - Table Storage Post Exploitation {{#include ../../../banners/hacktricks-training.md}} Table Storage Post Exploitatio…
Az - SQL Database Post Exploitation
Az - SQL Database Post Exploitation {{#include ../../../banners/hacktricks-training.md}} SQL Database Post Exploitation …
Az - VMs & Network Post Exploitation
Az - VMs & Network Post Exploitation {{#include ../../../banners/hacktricks-training.md}} Virtual Desktop For more i…
Az - VMs & Network Post Exploitation
Az - VMs & Network Post Exploitation {{#include ../../../banners/hacktricks-training.md}} VMs & Network For more…
Az - Privilege Escalation
Az - Privilege Escalation {{#include ../../../banners/hacktricks-training.md}}…
Az - Azure IAM Privesc (Authorization)
Az - Azure IAM Privesc (Authorization) {{#include ../../../banners/hacktricks-training.md}} Azure IAM For more informat…
Az - AI Foundry, AI Hubs, Azure OpenAI & AI Search Privesc
Az - AI Foundry, AI Hubs, Azure OpenAI & AI Search Privesc {{#include ../../../banners/hacktricks-training.md}} Azur…
Az - API Management Privesc
Az - API Management Privesc {{#include ../../../banners/hacktricks-training.md}} Microsoft.ApiManagement/service/namedVa…
Az - App Services Privesc
Az - App Services Privesc {{#include ../../../banners/hacktricks-training.md}} App Services For more information about A…
Az - Azure Automation Accounts Privesc
Az - Azure Automation Accounts Privesc {{#include ../../../banners/hacktricks-training.md}} Azure Automation Accounts Fo…
Az - Azure Container Registry Privesc
Az - Azure Container Registry Privesc {{#include ../../../banners/hacktricks-training.md}} Azure Container Registry Fore…
Az - Azure Container Instances, Apps & Jobs Privesc
Az - Azure Container Instances, Apps & Jobs Privesc {{#include ../../../banners/hacktricks-training.md}} Azure Conta…
Az - CosmosDB Privesc
Az - CosmosDB Privesc {{#include ../../../banners/hacktricks-training.md}} CosmosDB Privesc For more information about S…
Az - EntraID Privesc
Az - EntraID Privesc {{#include ../../../../banners/hacktricks-training.md}} 📝 Note Note that **not all the granular per…
Az - Conditional Access Policies & MFA Bypass
Az - Conditional Access Policies & MFA Bypass {{#include ../../../../banners/hacktricks-training.md}} Basic Informat…
Az - Dynamic Groups Privesc
Az - Dynamic Groups Privesc {{#include ../../../../banners/hacktricks-training.md}} Basic Information Dynamic groups are…
Az - Functions App Privesc
Az - Functions App Privesc {{#include ../../../banners/hacktricks-training.md}} Function Apps Check the following page f…
Az - Key Vault Privesc
Az - Key Vault Privesc {{#include ../../../banners/hacktricks-training.md}} Azure Key Vault For more information about t…
Az - Logic Apps Privesc
Az - Logic Apps Privesc {{#include ../../../banners/hacktricks-training.md}} Logic Apps Privesc For more information abo…
Az - MySQL Database Privesc
Az - MySQL Database Privesc {{#include ../../../banners/hacktricks-training.md}} MySQL Database Privesc For more informa…
Az - PostgreSQL Privesc
Az - PostgreSQL Privesc {{#include ../../../banners/hacktricks-training.md}} PostgreSQL Privesc For more information abo…
Az - Queue Storage Privesc
Az - Queue Storage Privesc {{#include ../../../banners/hacktricks-training.md}} Queue For more information check: {{#ref…
Az - Service Bus Privesc
Az - Service Bus Privesc {{#include ../../../banners/hacktricks-training.md}} Service Bus For more information check: {{…
Az - Static Web Apps Post Exploitation
Az - Static Web Apps Post Exploitation {{#include ../../../banners/hacktricks-training.md}} Azure Static Web Apps For mo…
Az - Storage Privesc
Az - Storage Privesc {{#include ../../../banners/hacktricks-training.md}} Storage Privesc For more information about sto…
Az - SQL Database Privesc
Az - SQL Database Privesc {{#include ../../../banners/hacktricks-training.md}} SQL Database Privesc For more information…
Az - Virtual Desktop Privesc
Az - Virtual Desktop Privesc {{#include ../../../banners/hacktricks-training.md}} Azure Virtual Desktop Privesc For more…
Az - Virtual Machines & Network Privesc
Az - Virtual Machines & Network Privesc {{#include ../../../banners/hacktricks-training.md}} VMS & Network For m…
Az - Persistence
Az - Persistence {{#include ../../../banners/hacktricks-training.md}} OAuth Application By default, any user can registe…
Az - Automation Accounts Persistence
Az - Automation Accounts Persistence {{#include ../../../banners/hacktricks-training.md}} Storage Privesc For more infor…
Az - Cloud Shell Persistence
Az - Cloud Shell Persistence {{#include ../../../banners/hacktricks-training.md}} Cloud Shell Persistence Azure Cloud Sh…
Az - Logic Apps Persistence
Az - Logic Apps Persistence {{#include ../../../banners/hacktricks-training.md}} Logic Apps For more information check: …
Az - SQL Persistence
Az - SQL Persistence {{#include ../../../banners/hacktricks-training.md}} SQL For more information check: {{#ref}} ../az…
Az - Queue Storage Persistence
Az - Queue Storage Persistence {{#include ../../../banners/hacktricks-training.md}} Queue For more information check: {{…
Az - VMs Persistence
Az - VMs Persistence {{#include ../../../banners/hacktricks-training.md}} VMs persistence For more information about VMs…
Az - Storage Persistence
Az - Storage Persistence {{#include ../../../banners/hacktricks-training.md}} Storage Privesc For more information about…
Az - Device Registration
Az - Device Registration {{#include ../../banners/hacktricks-training.md}} Basic Information When a device joins AzureAD…
Digital Ocean Pentesting
Digital Ocean Pentesting {{#include ../../banners/hacktricks-training.md}} Basic Information Before starting to pentest a D…
DO - Basic Information
DO - Basic Information {{#include ../../banners/hacktricks-training.md}} Basic Information DigitalOcean is a cloud compu…
DO - Permissions for a Pentest
DO - Permissions for a Pentest {{#include ../../banners/hacktricks-training.md}} DO doesn't support granular permissions…
DO - Services
DO - Services {{#include ../../../banners/hacktricks-training.md}} DO offers a few services, here you can find how to en…
DO - Apps
DO - Apps {{#include ../../../banners/hacktricks-training.md}} Basic Information From the docs: App Platform is a Platfo…
DO - Container Registry
DO - Container Registry {{#include ../../../banners/hacktricks-training.md}} Basic Information DigitalOcean Container Re…
DO - Databases
DO - Databases {{#include ../../../banners/hacktricks-training.md}} Basic Information With DigitalOcean Databases, you c…
DO - Droplets
DO - Droplets {{#include ../../../banners/hacktricks-training.md}} Basic Information In DigitalOcean, a "droplet" is a v…
DO - Functions
DO - Functions {{#include ../../../banners/hacktricks-training.md}} Basic Information DigitalOcean Functions, also known…
DO - Images
DO - Images {{#include ../../../banners/hacktricks-training.md}} Basic Information DigitalOcean Images are pre-built ope…
DO - Kubernetes (DOKS)
DO - Kubernetes (DOKS) {{#include ../../../banners/hacktricks-training.md}} Basic Information DigitalOcean Kubernetes (D…
DO - Networking
DO - Networking {{#include ../../../banners/hacktricks-training.md}} Domains doctl compute domain list doctl compute dom…
DO - Projects
DO - Projects {{#include ../../../banners/hacktricks-training.md}} Basic Information project is just a container for all…
DO - Spaces
DO - Spaces {{#include ../../../banners/hacktricks-training.md}} Basic Information DigitalOcean Spaces are object storag…
DO - Volumes
DO - Volumes {{#include ../../../banners/hacktricks-training.md}} Basic Information DigitalOcean volumes are block stora…
IBM Cloud Pentesting
IBM Cloud Pentesting {{#include ../../banners/hacktricks-training.md}} What is IBM cloud? (By chatGPT) IBM Cloud, a clou…
IBM - Hyper Protect Crypto Services
IBM - Hyper Protect Crypto Services {{#include ../../banners/hacktricks-training.md}} Basic Information IBM Hyper Protec…
IBM - Hyper Protect Virtual Server
IBM - Hyper Protect Virtual Server {{#include ../../banners/hacktricks-training.md}} Basic Information Hyper Protect Vir…
IBM - Basic Information
IBM - Basic Information {{#include ../../banners/hacktricks-training.md}} Hierarchy IBM Cloud resource model ( from the …
OpenShift Pentesting
OpenShift Pentesting {{#include ../../banners/hacktricks-training.md}} Basic Information {{#ref}} openshift-basic-inform…
OpenShift - Basic information
OpenShift - Basic information {{#include ../../banners/hacktricks-training.md}} Kubernetes prior basic knowledge Before…
Openshift - SCC
Openshift - SCC {{#include ../../banners/hacktricks-training.md}} The original author of this page is Guillaume Definiti…
OpenShift - Jenkins
OpenShift - Jenkins {{#include ../../../banners/hacktricks-training.md}} The original author of this page is Fares This …
Jenkins in Openshift - build pod overrides
Jenkins in Openshift - build pod overrides {{#include ../../../banners/hacktricks-training.md}} The original author of t…
OpenShift - Privilege Escalation
OpenShift - Privilege Escalation {{#include ../../../banners/hacktricks-training.md}} Missing Service Account {{#ref}} o…
OpenShift - Missing Service Account
OpenShift - Missing Service Account {{#include ../../../banners/hacktricks-training.md}} Missing Service Account It happ…
OpenShift - Tekton
OpenShift - Tekton {{#include ../../../banners/hacktricks-training.md}} The original author of this page is Haroun What …
Openshift - SCC bypass
Openshift - SCC bypass {{#include ../../../banners/hacktricks-training.md}} The original author of this page is Guillaum…