Cloud Penetration Testing

What it does

This skill simulates cloud environment attacks to identify vulnerabilities in configurations, access controls, and deployed services across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). It covers a range of techniques including reconnaissance, authentication testing, resource enumeration, privilege escalation, data extraction, and persistence. The output includes comprehensive findings, risk ratings, inventory of resources, credential findings, and remediation recommendations. Authorized use only - this skill is intended for authorized security assessments, defensive validation, or controlled educational environments.

When to use it

• Conducting a security assessment of an Azure environment.
• Evaluating the effectiveness of IAM controls in an AWS deployment.
• Identifying misconfigurations and vulnerabilities within a GCP infrastructure.
• Validating the security posture of cloud-based services.
• Performing controlled educational exercises on cloud penetration testing techniques.

Key capabilities

• Cloud Platform Support: Assesses Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
• Reconnaissance: Gathers information about a target's cloud presence using tools like curl and custom Python scripts (cloud_enum.py, ip2provider.py).
• Authentication Testing: Supports authentication via Az PowerShell module, MSOnline module, stolen context import, and credential-based login (potentially bypassing MFA).
• Resource Enumeration: Lists Azure contexts, subscriptions, role assignments, resources, resource groups, storage accounts, web applications, SQL servers, and databases.
• Reporting: Generates a Cloud Security Assessment Report with findings, risk ratings, a resource inventory, credential findings, and remediation recommendations.

Example prompts

• "Simulate reconnaissance on targetcompany to identify their cloud resources."
• "Authenticate to Azure using the provided credentials and enumerate all web applications."
• “Import this stolen token profile: C:\Temp\StolenToken.json and list available contexts.”

Tips & gotchas

• Prerequisites: This skill requires specific tools (Az PowerShell module, AWS CLI, GCP CLI, scoutsuite, pacu) to be installed and configured beforehand. Refer to the "Required Tools" section for installation instructions.
• Authorization Required: Use of this skill requires written authorization for testing and defined rules of engagement. Unauthorized use is strictly prohibited.
• Knowledge Base: A foundational understanding of cloud architecture, IAM, API authentication, and DevOps concepts is necessary to effectively utilize the skill’s output.