Identifying entry points on O365, AWS, Azure and GCP

Identifying entry points on 0365, AWS, Azure and GCP

This blog is mainly a list of Tools to expose and test entry points into AWS, Azure and GCP. My next goal is to implement these tools and develop some youtube videos. Then after that develop actual detection and mitigation strategies.

Hacking the Cloud – Cloud Security – Attacks

πŸ‘‰ Get familiar with Cloud Security fundamentals with Learn to cloud by Gwyneth PeΓ±a-Siguenza and Day Johnson

πŸ‘‰ Hacking the cloud by Nick Frichette an encyclopedia of the techniques that offensive security professionals can use against cloud environments.

πŸ‘‰ Cloud Security – Attacks by Joas A Santos

πŸ‘‰ Practice with this free lab from Pentester Academy

πŸ‘‰ Practice with Flaws by Scott Piper


πŸ‘‰ Public Cloud Breaches –

πŸ‘‰ Learn AWS Pentesting –

Microsoft Azure Security Checklist / Audit

πŸ’‘ Run regular OSINT (Open-Source Intelligence) scans to identify compromised accounts & cycle all credentials based on the accounts found in the OSINT hunt.
πŸ’‘ Ensuring all accounts have MFA enforced. Accounts without MFA are simply a business risk in today’s era of identity-centric applications & services.
πŸ’‘ Create conditional access policies to limit access to HVT (High-Value Targets) & HVS (High-Value Services) based on Geo-location, Device/Identity risk, etc.
πŸ’‘ Create a conditional access policy to limit access to the Azure Portal (Only allow specific group access, enforce MFA, and only allow logins from certain locations) (This not only reduces the Azure Portal attack surface but also enforces the reduced attack surface)
πŸ’‘ Restrict the Azure AD administration portal.
πŸ’‘ Enforce strict privilege access on inter-cloud resources such as Subscriptions, Resource Groups & any other Azure workloads.
πŸ’‘ Enforce strict guest user privileges (ACL) & access (MFA)
πŸ’‘ Create Sentinel queries & alerts to flag any suspicious activity related to Tenant takeover tactics (Just because the Threat Actor managed to log into the environment (Red Team), does not mean the activity went unnoticed (Blue Team)

AWS Security Tools

AWS – Easy to get started, changes daily, difficult to secure and harder to know if you are “doing it right’. AWS has 1000s of APIs, are you confident there are all secure? Have a good nights sleep.

AWS innovates really quickly. AWS send out a lot of new features that continually change the game in terms of how a central security team can approach security, monitor security, or author their permissions. Keeping up with all of this game-changing information is really, really hard. I follow Twitter and the What’s New announcements for up to date information, and of course the AWS Security Blog;

Research Articles

Security Terraform scripts;

Known AWS breaches


AWS Digital Forensic Analysis

Leave a Reply