Git Product home page Git Product logo

cloud-pentest's Introduction

Cloud-pentest

Resources to learn cloud environment and pentesting the same, contains AWS, Azure, Google Cloud

Serial No Topic Link
1 Basics https://www.tutorialspoint.com/amazon_web_services/index.htm
2 Instance creation https://github.com/awsdocs/amazon-ec2-user-guide/blob/master/doc_source/EC2_GetStarted.md https://github.com/awsdocs/amazon-ec2-user-guide/blob/master/doc_source/concepts.md
3 Storage https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-dg.pdf https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html https://docs.aws.amazon.com/storagegateway/latest/userguide/storagegateway-ug.pdf https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AmazonCloudFront_DevGuide.pdf
4 Database https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/dynamodb-dg.pdf https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-ug.pdf https://docs.aws.amazon.com/redshift/latest/dg/redshift-dg.pdf
5 Networking https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ug.pdf https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/route53-dg.pdf https://docs.aws.amazon.com/directconnect/latest/UserGuide/dc-ug.pdf
6 Workspaces https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-ag.pdf
7 Lambda https://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf
8 Full Guide https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-ug.pdf
9 Vulnerability scanning https://securityftw.github.io/
10 Penetration testing https://github.com/dagrz/aws_pwn https://github.com/toniblyx/my-arsenal-of-aws-security-tools#offensive https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20AWS%20Pentest.md#aws---shadow-admin https://github.com/toniblyx/my-arsenal-of-aws-security-tools#continuous-security-auditing https://github.com/zricethezav/gitleaks https://github.com/RhinoSecurityLabs/pacu https://github.com/elitest/Redboto https://github.com/jordanpotti/AWSBucketDump https://github.com/RhinoSecurityLabs/Security-Research/tree/master/tools/aws-pentest-tools https://github.com/mxm0z/awesome-sec-s3 https://github.com/nagwww/s3-leaks https://owasp.org/www-chapter-pune/Pentesting_AWS_by_Anand_Varia.pdf https://gracefulsecurity.com/an-introduction-to-penetration-testing-aws-same-same-but-different/
11 Compliance CIS security benchmark check for AMI instances
CIS security benchmark check for IAM instances
IAM user and access management best practices check
Logging best practices check
Networking best practices check
Monitoring best practices check
AWS Code build review for secret leaks (https://github.com/RhinoSecurityLabs/cloudgoat/blob/master/scenarios/codebuild_secrets/README.md)
AWS Lambda environment best practices(https://github.com/OWASP/Serverless-Goat/blob/master/LESSONS.md) Lesson 3
Dynamo DB configuration best practices
Third party packages vulnerability check
VPC best practices
EBS best practices
EC2 metadata best practices
ECR best practices
EKS best practices
ELB best practices
12 Source code review https://github.com/RhinoSecurityLabs/cloudgoat/blob/master/scenarios/codebuild_secrets/README.md
13 Kubernetes https://docs.aws.amazon.com/eks/latest/userguide/eks-ug.pdf
14 Container https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-dg.pdf



Sheet 2: Google Cloud

Serial No Topic Link
1 Basics https://intellipaat.com/blog/what-is-google-cloud/ https://github.com/gregsramblings/google-cloud-4-words https://www.linkedin.com/pulse/google-cloud-jumpstart-tutorials-community-david-das-neves/
2 Instance Creation https://intellipaat.com/blog/what-is-google-cloud/ https://raw.githubusercontent.com/isb-cgc/readthedocs/master/docs/include/intro_to_Console.pdf https://cloud.google.com/compute/docs/concepts https://github.com/cs231n/gcloud
3 Storage https://cloud.google.com/storage/docs/how-to https://cloud.google.com/storage/archival https://cloud.google.com/products/data-transfer https://cloud.google.com/storage/docs https://cloud.google.com/filestore/docs https://cloud.google.com/local-ssd https://cloud.google.com/persistent-disk
4 Networking https://cloud.google.com/vpc/docs/vpc https://cloud.google.com/nat/docs https://cloud.google.com/load-balancing/docs https://cloud.google.com/dns/docs https://cloud.google.com/cdn/docs https://cloud.google.com/domains/docs
5 Database https://cloud.google.com/sql/docs https://cloud.google.com/spanner/docs https://firebase.google.com/docs/database https://cloud.google.com/bigtable/docs https://cloud.google.com/firestore/docs
6 Bare metal https://cloud.google.com/bare-metal/docs
7 Google Kubernetes Engine https://cloud.google.com/kubernetes-engine/docs
8 Containers https://cloud.google.com/compute/docs/containers
9 Vulnerabilty scanning https://forsetisecurity.org/
10 Penetration testing https://six2dez.gitbook.io/pentest-book/enumeration/cloud/gcp https://github.com/RhinoSecurityLabs/GCPBucketBrute https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/GCP.md

Sheet 3: Azure

Serial No Topic Link
1 Basics https://www.tutorialspoint.com/microsoft_azure/index.htm https://docs.microsoft.com/en-us/learn/paths/az-900-describe-cloud-concepts/
2 Instance Creation https://docs.microsoft.com/en-us/learn/paths/azure-administrator-manage-compute-resources/ https://docs.microsoft.com/en-us/learn/modules/azure-compute-fundamentals/ https://docs.microsoft.com/en-us/learn/modules/create-windows-virtual-machine-in-azure/ https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-virtual-machines/ https://docs.microsoft.com/en-us/learn/modules/manage-users-and-groups-in-aad/
3 Storage https://docs.microsoft.com/en-us/learn/modules/azure-storage-fundamentals/
4 Networking https://docs.microsoft.com/en-us/learn/modules/azure-networking-fundamentals/ https://docs.microsoft.com/en-us/learn/modules/manage-users-and-groups-in-aad/ https://docs.microsoft.com/learn/modules/connect-on-premises-network-with-vpn-gateway/
5 Database https://docs.microsoft.com/en-us/learn/modules/azure-database-fundamentals/
6 Network security https://docs.microsoft.com/en-us/learn/paths/az-900-describe-general-security-network-security-features/
7 System Secuirty https://docs.microsoft.com/en-us/learn/modules/protect-against-security-threats-azure/
8 Active directory Managment https://docs.microsoft.com/en-us/learn/modules/manage-users-and-groups-in-aad/ https://docs.microsoft.com/en-us/learn/modules/manage-users-and-groups-in-aad/
9 Docker containers https://docs.microsoft.com/learn/modules/intro-to-docker-containers/ https://docs.microsoft.com/learn/paths/administer-containers-in-azure/
10 Kubernetes https://docs.microsoft.com/learn/modules/connect-on-premises-network-with-vpn-gateway/
11 Pentesting https://amp.kitploit.com/2020/04/roadtools-azure-ad-exploration-framework.html?amp=1&m=1 https://blog.xpnsec.com/azuread-connect-for-redteam/ https://blogvaronis2.wpengine.com/azure-skeleton-key/ https://www.synacktiv.com/en/publications/azure-ad-introduction-for-red-teamers.html https://dirkjanm.io/introducing-roadtools-and-roadrecon-azure-ad-exploration-framework/ https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training/blob/master/README.md https://drive.google.com/file/d/1FPW5PbMzcHL-rRGSX4lewX3auQlAi-ix/view?usp=sharing https://drive.google.com/file/d/1O_LFQj0nHAXDvCNFWsiCEyLUpDqi-T5l/view?usp=sharing https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md https://github.com/mattrotlevi/lava https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/Azure.md https://github.com/NetSPI/MicroBurst https://attack.mitre.org/matrices/enterprise/cloud/azure/ https://book.hacktricks.xyz/cloud-security-review
12 Vulnerability Scanning https://github.com/NextSecurity/azucar
13 Best practices https://github.com/AZ-500-PREP/Audit-and-Remediate

Sheet 4: Common tools & Links

Name Link
Terra Goat https://github.com/bridgecrewio/terragoat
CS Suite https://securityftw.github.io/
Collection https://github.com/4ndersonLin/awesome-cloud-security
Talk by BlackHillsInfosec https://www.blackhillsinfosec.com/wp-content/uploads/2020/05/Breaching-the-Cloud-Perimeter-Slides.pdf

cloud-pentest's People

Contributors

vengatesh-nagarajan avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.