Cloud Penetration Testing
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Provides instructions and PowerShell scripts to execute arbitrary code on Azure Virtual Machines using the `Invoke-AzVMRunCommand` utility in file `sub-skills/phase-4-azure-exploitation.md`
- [COMMAND_EXECUTION]: Contains dedicated modules for establishing persistence by creating backdoor administrative users and service principals in `sub-skills/phase-5-azure-persistence.md` and `sub-skills/phase-9-aws-persistence.md`
- [DATA_EXFILTRATION]: Includes techniques to harvest sensitive authentication tokens, cloud metadata (IMDS), and secrets from services like Azure Key Vault and AWS Lambda environment variables as seen in `sub-skills/phase-4-azure-exploitation.md` and `sub-skills/phase-8-aws-exploitation.md`
- [DATA_EXFILTRATION]: Outlines methods for stealing local authentication databases and configuration files (e.g., `gcloud` config) to pivot between identities in `sub-skills/phase-11-gcp-exploitation.md`
- [EXTERNAL_DOWNLOADS]: Fetches official cloud provider tools and binaries from well-known domains including `awscli.amazonaws.com` and `sdk.cloud.google.com` in `sub-skills/required-tools.md`
- [REMOTE_CODE_EXECUTION]: Implements installation routines that pipe remote setup scripts from Google's official domain directly into the bash shell in `sub-skills/required-tools.md`
Audit Metadata