🇮🇳
HackTricks Cloud
Hindi - Ht Cloud
English - Ht CloudAfrikaans - Ht CloudChinese - Ht CloudEspañol - Ht CloudFrançais - Ht CloudGerman - Ht CloudGreek - Ht CloudHindi - Ht CloudItalian - Ht CloudJapanese - Ht CloudKorean - Ht CloudPolish - Ht CloudPortuguês - Ht CloudSerbian - Ht CloudSwahili - Ht CloudTurkish - Ht CloudUkranian - Ht Cloud
Hindi - Ht Cloud
English - Ht CloudAfrikaans - Ht CloudChinese - Ht CloudEspañol - Ht CloudFrançais - Ht CloudGerman - Ht CloudGreek - Ht CloudHindi - Ht CloudItalian - Ht CloudJapanese - Ht CloudKorean - Ht CloudPolish - Ht CloudPortuguês - Ht CloudSerbian - Ht CloudSwahili - Ht CloudTurkish - Ht CloudUkranian - Ht Cloud
  • 👽Welcome!
    • HackTricks Cloud
    • About the Author
    • HackTricks Values & faq
  • 🏭Pentesting CI/CD
    • Pentesting CI/CD Methodology
    • Github Security
      • Abusing Github Actions
        • Gh Actions - Artifact Poisoning
        • GH Actions - Cache Poisoning
        • Gh Actions - Context Script Injections
      • Accessible Deleted Data in Github
      • Basic Github Information
    • Gitea Security
      • Basic Gitea Information
    • Concourse Security
      • Concourse Architecture
      • Concourse Lab Creation
      • Concourse Enumeration & Attacks
    • CircleCI Security
    • TravisCI Security
      • Basic TravisCI Information
    • Jenkins Security
      • Basic Jenkins Information
      • Jenkins RCE with Groovy Script
      • Jenkins RCE Creating/Modifying Project
      • Jenkins RCE Creating/Modifying Pipeline
      • Jenkins Arbitrary File Read to RCE via "Remember Me"
      • Jenkins Dumping Secrets from Groovy
    • Apache Airflow Security
      • Airflow Configuration
      • Airflow RBAC
    • Terraform Security
    • Atlantis Security
    • Cloudflare Security
      • Cloudflare Domains
      • Cloudflare Zero Trust Network
    • Okta Security
      • Okta Hardening
    • Serverless.com Security
    • Supabase Security
    • Ansible Tower / AWX / Automation controller Security
    • Vercel Security
    • TODO
  • ⛈️Pentesting Cloud
    • Pentesting Cloud Methodology
    • Kubernetes Pentesting
      • Kubernetes Basics
      • Pentesting Kubernetes Services
        • Kubelet Authentication & Authorization
      • Exposing Services in Kubernetes
      • Attacking Kubernetes from inside a Pod
      • Kubernetes Enumeration
      • Kubernetes Role-Based Access Control(RBAC)
      • Abusing Roles/ClusterRoles in Kubernetes
        • Pod Escape Privileges
        • Kubernetes Roles Abuse Lab
      • Kubernetes Namespace Escalation
      • Kubernetes External Secret Operator
      • Kubernetes Pivoting to Clouds
      • Kubernetes Network Attacks
      • Kubernetes Hardening
        • Kubernetes SecurityContext(s)
      • Kubernetes OPA Gatekeeper
        • Kubernetes OPA Gatekeeper bypass
      • Kubernetes Kyverno
        • Kubernetes Kyverno bypass
      • Kubernetes ValidatingWebhookConfiguration
    • GCP Pentesting
      • GCP - Basic Information
        • GCP - Federation Abuse
      • GCP - Permissions for a Pentest
      • GCP - Post Exploitation
        • GCP - App Engine Post Exploitation
        • GCP - Artifact Registry Post Exploitation
        • GCP - Cloud Build Post Exploitation
        • GCP - Cloud Functions Post Exploitation
        • GCP - Cloud Run Post Exploitation
        • GCP - Cloud Shell Post Exploitation
        • GCP - Cloud SQL Post Exploitation
        • GCP - Compute Post Exploitation
        • GCP - Filestore Post Exploitation
        • GCP - IAM Post Exploitation
        • GCP - KMS Post Exploitation
        • GCP - Logging Post Exploitation
        • GCP - Monitoring Post Exploitation
        • GCP - Pub/Sub Post Exploitation
        • GCP - Secretmanager Post Exploitation
        • GCP - Security Post Exploitation
        • GCP - Workflows Post Exploitation
        • GCP - Storage Post Exploitation
      • GCP - Privilege Escalation
        • GCP - Apikeys Privesc
        • GCP - AppEngine Privesc
        • GCP - Artifact Registry Privesc
        • GCP - Batch Privesc
        • GCP - BigQuery Privesc
        • GCP - ClientAuthConfig Privesc
        • GCP - Cloudbuild Privesc
        • GCP - Cloudfunctions Privesc
        • GCP - Cloudidentity Privesc
        • GCP - Cloud Scheduler Privesc
        • GCP - Compute Privesc
          • GCP - Add Custom SSH Metadata
        • GCP - Composer Privesc
        • GCP - Container Privesc
        • GCP - Deploymentmaneger Privesc
        • GCP - IAM Privesc
        • GCP - KMS Privesc
        • GCP - Orgpolicy Privesc
        • GCP - Pubsub Privesc
        • GCP - Resourcemanager Privesc
        • GCP - Run Privesc
        • GCP - Secretmanager Privesc
        • GCP - Serviceusage Privesc
        • GCP - Sourcerepos Privesc
        • GCP - Storage Privesc
        • GCP - Workflows Privesc
        • GCP - Generic Permissions Privesc
        • GCP - Network Docker Escape
        • GCP - local privilege escalation ssh pivoting
      • GCP - Persistence
        • GCP - API Keys Persistence
        • GCP - App Engine Persistence
        • GCP - Artifact Registry Persistence
        • GCP - BigQuery Persistence
        • GCP - Cloud Functions Persistence
        • GCP - Cloud Run Persistence
        • GCP - Cloud Shell Persistence
        • GCP - Cloud SQL Persistence
        • GCP - Compute Persistence
        • GCP - Dataflow Persistence
        • GCP - Filestore Persistence
        • GCP - Logging Persistence
        • GCP - Secret Manager Persistence
        • GCP - Storage Persistence
        • GCP - Token Persistance
      • GCP - Services
        • GCP - AI Platform Enum
        • GCP - API Keys Enum
        • GCP - App Engine Enum
        • GCP - Artifact Registry Enum
        • GCP - Batch Enum
        • GCP - Bigquery Enum
        • GCP - Bigtable Enum
        • GCP - Cloud Build Enum
        • GCP - Cloud Functions Enum
        • GCP - Cloud Run Enum
        • GCP - Cloud Shell Enum
        • GCP - Cloud SQL Enum
        • GCP - Cloud Scheduler Enum
        • GCP - Compute Enum
          • GCP - Compute Instances
          • GCP - VPC & Networking
        • GCP - Composer Enum
        • GCP - Containers & GKE Enum
        • GCP - DNS Enum
        • GCP - Filestore Enum
        • GCP - Firebase Enum
        • GCP - Firestore Enum
        • GCP - IAM, Principals & Org Policies Enum
        • GCP - KMS Enum
        • GCP - Logging Enum
        • GCP - Memorystore Enum
        • GCP - Monitoring Enum
        • GCP - Pub/Sub Enum
        • GCP - Secrets Manager Enum
        • GCP - Security Enum
        • GCP - Source Repositories Enum
        • GCP - Spanner Enum
        • GCP - Stackdriver Enum
        • GCP - Storage Enum
        • GCP - Workflows Enum
      • GCP <--> Workspace Pivoting
        • GCP - Understanding Domain-Wide Delegation
      • GCP - Unauthenticated Enum & Access
        • GCP - API Keys Unauthenticated Enum
        • GCP - App Engine Unauthenticated Enum
        • GCP - Artifact Registry Unauthenticated Enum
        • GCP - Cloud Build Unauthenticated Enum
        • GCP - Cloud Functions Unauthenticated Enum
        • GCP - Cloud Run Unauthenticated Enum
        • GCP - Cloud SQL Unauthenticated Enum
        • GCP - Compute Unauthenticated Enum
        • GCP - IAM, Principals & Org Unauthenticated Enum
        • GCP - Source Repositories Unauthenticated Enum
        • GCP - Storage Unauthenticated Enum
          • GCP - Public Buckets Privilege Escalation
    • GWS - Workspace Pentesting
      • GWS - Post Exploitation
      • GWS - Persistence
      • GWS - Workspace Sync Attacks (GCPW, GCDS, GPS, Directory Sync with AD & EntraID)
        • GWS - Admin Directory Sync
        • GCDS - Google Cloud Directory Sync
        • GCPW - Google Credential Provider for Windows
        • GPS - Google Password Sync
      • GWS - Google Platforms Phishing
        • GWS - App Scripts
    • AWS Pentesting
      • AWS - Basic Information
        • AWS - Federation Abuse
      • AWS - Permissions for a Pentest
      • AWS - Persistence
        • AWS - API Gateway Persistence
        • AWS - Cognito Persistence
        • AWS - DynamoDB Persistence
        • AWS - EC2 Persistence
        • AWS - ECR Persistence
        • AWS - ECS Persistence
        • AWS - Elastic Beanstalk Persistence
        • AWS - EFS Persistence
        • AWS - IAM Persistence
        • AWS - KMS Persistence
        • AWS - Lambda Persistence
          • AWS - Abusing Lambda Extensions
          • AWS - Lambda Layers Persistence
        • AWS - Lightsail Persistence
        • AWS - RDS Persistence
        • AWS - S3 Persistence
        • AWS - SNS Persistence
        • AWS - Secrets Manager Persistence
        • AWS - SQS Persistence
        • AWS - SSM Perssitence
        • AWS - Step Functions Persistence
        • AWS - STS Persistence
      • AWS - Post Exploitation
        • AWS - API Gateway Post Exploitation
        • AWS - CloudFront Post Exploitation
        • AWS - CodeBuild Post Exploitation
          • AWS Codebuild - Token Leakage
        • AWS - Control Tower Post Exploitation
        • AWS - DLM Post Exploitation
        • AWS - DynamoDB Post Exploitation
        • AWS - EC2, EBS, SSM & VPC Post Exploitation
          • AWS - EBS Snapshot Dump
          • AWS - Malicious VPC Mirror
        • AWS - ECR Post Exploitation
        • AWS - ECS Post Exploitation
        • AWS - EFS Post Exploitation
        • AWS - EKS Post Exploitation
        • AWS - Elastic Beanstalk Post Exploitation
        • AWS - IAM Post Exploitation
        • AWS - KMS Post Exploitation
        • AWS - Lambda Post Exploitation
          • AWS - Steal Lambda Requests
        • AWS - Lightsail Post Exploitation
        • AWS - Organizations Post Exploitation
        • AWS - RDS Post Exploitation
        • AWS - S3 Post Exploitation
        • AWS - Secrets Manager Post Exploitation
        • AWS - SES Post Exploitation
        • AWS - SNS Post Exploitation
        • AWS - SQS Post Exploitation
        • AWS - SSO & identitystore Post Exploitation
        • AWS - Step Functions Post Exploitation
        • AWS - STS Post Exploitation
        • AWS - VPN Post Exploitation
      • AWS - Privilege Escalation
        • AWS - Apigateway Privesc
        • AWS - Chime Privesc
        • AWS - Codebuild Privesc
        • AWS - Codepipeline Privesc
        • AWS - Codestar Privesc
          • codestar:CreateProject, codestar:AssociateTeamMember
          • iam:PassRole, codestar:CreateProject
        • AWS - Cloudformation Privesc
          • iam:PassRole, cloudformation:CreateStack,and cloudformation:DescribeStacks
        • AWS - Cognito Privesc
        • AWS - Datapipeline Privesc
        • AWS - Directory Services Privesc
        • AWS - DynamoDB Privesc
        • AWS - EBS Privesc
        • AWS - EC2 Privesc
        • AWS - ECR Privesc
        • AWS - ECS Privesc
        • AWS - EFS Privesc
        • AWS - Elastic Beanstalk Privesc
        • AWS - EMR Privesc
        • AWS - EventBridge Scheduler Privesc
        • AWS - Gamelift
        • AWS - Glue Privesc
        • AWS - IAM Privesc
        • AWS - KMS Privesc
        • AWS - Lambda Privesc
        • AWS - Lightsail Privesc
        • AWS - Mediapackage Privesc
        • AWS - MQ Privesc
        • AWS - MSK Privesc
        • AWS - RDS Privesc
        • AWS - Redshift Privesc
        • AWS - Route53 Privesc
        • AWS - SNS Privesc
        • AWS - SQS Privesc
        • AWS - SSO & identitystore Privesc
        • AWS - Organizations Privesc
        • AWS - S3 Privesc
        • AWS - Sagemaker Privesc
        • AWS - Secrets Manager Privesc
        • AWS - SSM Privesc
        • AWS - Step Functions Privesc
        • AWS - STS Privesc
        • AWS - WorkDocs Privesc
      • AWS - Services
        • AWS - Security & Detection Services
          • AWS - CloudTrail Enum
          • AWS - CloudWatch Enum
          • AWS - Config Enum
          • AWS - Control Tower Enum
          • AWS - Cost Explorer Enum
          • AWS - Detective Enum
          • AWS - Firewall Manager Enum
          • AWS - GuardDuty Enum
          • AWS - Inspector Enum
          • AWS - Macie Enum
          • AWS - Security Hub Enum
          • AWS - Shield Enum
          • AWS - Trusted Advisor Enum
          • AWS - WAF Enum
        • AWS - API Gateway Enum
        • AWS - Certificate Manager (ACM) & Private Certificate Authority (PCA)
        • AWS - CloudFormation & Codestar Enum
        • AWS - CloudHSM Enum
        • AWS - CloudFront Enum
        • AWS - Codebuild Enum
        • AWS - Cognito Enum
          • Cognito Identity Pools
          • Cognito User Pools
        • AWS - DataPipeline, CodePipeline & CodeCommit Enum
        • AWS - Directory Services / WorkDocs Enum
        • AWS - DocumentDB Enum
        • AWS - DynamoDB Enum
        • AWS - EC2, EBS, ELB, SSM, VPC & VPN Enum
          • AWS - Nitro Enum
          • AWS - VPC & Networking Basic Information
        • AWS - ECR Enum
        • AWS - ECS Enum
        • AWS - EKS Enum
        • AWS - Elastic Beanstalk Enum
        • AWS - ElastiCache
        • AWS - EMR Enum
        • AWS - EFS Enum
        • AWS - EventBridge Scheduler Enum
        • AWS - Kinesis Data Firehose Enum
        • AWS - IAM, Identity Center & SSO Enum
        • AWS - KMS Enum
        • AWS - Lambda Enum
        • AWS - Lightsail Enum
        • AWS - MQ Enum
        • AWS - MSK Enum
        • AWS - Organizations Enum
        • AWS - Redshift Enum
        • AWS - Relational Database (RDS) Enum
        • AWS - Route53 Enum
        • AWS - Secrets Manager Enum
        • AWS - SES Enum
        • AWS - SNS Enum
        • AWS - SQS Enum
        • AWS - S3, Athena & Glacier Enum
        • AWS - Step Functions Enum
        • AWS - STS Enum
        • AWS - Other Services Enum
      • AWS - Unauthenticated Enum & Access
        • AWS - Accounts Unauthenticated Enum
        • AWS - API Gateway Unauthenticated Enum
        • AWS - Cloudfront Unauthenticated Enum
        • AWS - Cognito Unauthenticated Enum
        • AWS - CodeBuild Unauthenticated Access
        • AWS - DocumentDB Unauthenticated Enum
        • AWS - DynamoDB Unauthenticated Access
        • AWS - EC2 Unauthenticated Enum
        • AWS - ECR Unauthenticated Enum
        • AWS - ECS Unauthenticated Enum
        • AWS - Elastic Beanstalk Unauthenticated Enum
        • AWS - Elasticsearch Unauthenticated Enum
        • AWS - IAM & STS Unauthenticated Enum
        • AWS - Identity Center & SSO Unauthenticated Enum
        • AWS - IoT Unauthenticated Enum
        • AWS - Kinesis Video Unauthenticated Enum
        • AWS - Lambda Unauthenticated Access
        • AWS - Media Unauthenticated Enum
        • AWS - MQ Unauthenticated Enum
        • AWS - MSK Unauthenticated Enum
        • AWS - RDS Unauthenticated Enum
        • AWS - Redshift Unauthenticated Enum
        • AWS - SQS Unauthenticated Enum
        • AWS - SNS Unauthenticated Enum
        • AWS - S3 Unauthenticated Enum
    • Azure Pentesting
      • Az - Basic Information
        • Az - Tokens & Public Applications
      • Az - Enumeration Tools
      • Az - Unauthenticated Enum & Initial Entry
        • Az - OAuth Apps Phishing
        • Az - VMs Unath
        • Az - Device Code Authentication Phishing
        • Az - Password Spraying
      • Az - Services
        • Az - Entra ID (AzureAD) & Azure IAM
        • Az - ACR
        • Az - Application Proxy
        • Az - ARM Templates / Deployments
        • Az - Automation Account
          • Az - State Configuration RCE
        • Az - Azure App Service & Function Apps
        • Az - Intune
        • Az - File Shares
        • Az - Function Apps
        • Az - Key Vault
        • Az - Logic Apps
        • Az - Management Groups, Subscriptions & Resource Groups
        • Az - Queue Storage
        • Az - Service Bus
        • Az - SQL
        • Az - Storage Accounts & Blobs
        • Az - Table Storage
        • Az - Virtual Machines & Network
          • Az - Azure Network
      • Az - Permissions for a Pentest
      • Az - Lateral Movement (Cloud - On-Prem)
        • Az AD Connect - Hybrid Identity
          • Az- Synchronising New Users
          • Az - Default Applications
          • Az - Cloud Kerberos Trust
          • Az - Federation
          • Az - PHS - Password Hash Sync
          • Az - PTA - Pass-through Authentication
          • Az - Seamless SSO
          • Az - Arc vulnerable GPO Deploy Script
        • Az - Local Cloud Credentials
        • Az - Pass the Cookie
        • Az - Pass the Certificate
        • Az - Pass the PRT
        • Az - Phishing Primary Refresh Token (Microsoft Entra)
        • Az - Processes Memory Access Token
        • Az - Primary Refresh Token (PRT)
      • Az - Post Exploitation
        • Az - Blob Storage Post Exploitation
        • Az - File Share Post Exploitation
        • Az - Key Vault Post Exploitation
        • Az - Queue Storage Post Exploitation
        • Az - Service Bus Post Exploitation
        • Az - Table Storage Post Exploitation
        • Az - VMs & Network Post Exploitation
      • Az - Privilege Escalation
        • Az - Azure IAM Privesc (Authorization)
        • Az - EntraID Privesc
          • Az - Conditional Access Policies & MFA Bypass
          • Az - Dynamic Groups Privesc
        • Az - Functions App Privesc
        • Az - Key Vault Privesc
        • Az - Queue Storage Privesc
        • Az - Service Bus Privesc
        • Az - Virtual Machines & Network Privesc
        • Az - Storage Privesc
      • Az - Persistence
        • Az - Queue Storage Persistence
        • Az - VMs Persistence
        • Az - Storage Persistence
      • Az - Device Registration
    • Digital Ocean Pentesting
      • DO - Basic Information
      • DO - Permissions for a Pentest
      • DO - Services
        • DO - Apps
        • DO - Container Registry
        • DO - Databases
        • DO - Droplets
        • DO - Functions
        • DO - Images
        • DO - Kubernetes (DOKS)
        • DO - Networking
        • DO - Projects
        • DO - Spaces
        • DO - Volumes
    • IBM Cloud Pentesting
      • IBM - Hyper Protect Crypto Services
      • IBM - Hyper Protect Virtual Server
      • IBM - Basic Information
    • OpenShift Pentesting
      • OpenShift - Basic information
      • Openshift - SCC
      • OpenShift - Jenkins
        • OpenShift - Jenkins Build Pod Override
      • OpenShift - Privilege Escalation
        • OpenShift - Missing Service Account
        • OpenShift - Tekton
        • OpenShift - SCC bypass
  • 🛫Pentesting Network Services
    • HackTricks Pentesting Network
    • HackTricks Pentesting Services
Powered by GitBook