Cloud Penetration Testing

Purpose

Conduct comprehensive security assessments of cloud infrastructure across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). This skill covers reconnaissance, authentication testing, resource enumeration, privilege escalation, data extraction, and persistence techniques for authorized cloud security engagements.

Prerequisites

🧠 Knowledge Modules (Fractal Skills)

1. Required Tools

2. Required Knowledge

3. Required Access

4. Phase 1: Reconnaissance

5. Phase 2: Azure Authentication

6. Phase 3: Azure Enumeration

7. Phase 4: Azure Exploitation

8. Phase 5: Azure Persistence

9. Phase 6: AWS Authentication

10. Phase 7: AWS Enumeration

11. Phase 8: AWS Exploitation

12. Phase 9: AWS Persistence

13. Phase 10: GCP Enumeration

14. Phase 11: GCP Exploitation

15. Azure Key Commands

16. AWS Key Commands

17. GCP Key Commands

18. Metadata Service URLs

19. Useful Tools

20. Legal Requirements

21. Technical Limitations

22. Detection Considerations

23. Example 1: Azure Password Spray

24. Example 2: AWS S3 Bucket Enumeration

25. Example 3: GCP Service Account Compromise