# Cloud Security

- [AWS](https://www.techwithtyler.dev/cloud-security/aws.md)
- [AWS Offensive Security](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security.md): AWS offensive security tactics and techniques
- [AWS Attacks and Techniques](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques.md): Demonstrating various attacks that can be performed on AWS accounts and services
- [Data Poisoning - Bedrock Knowledge Base](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/data-poisoning-bedrock-knowledge-base.md): How to poison Amazon Bedrock Knowledge Base
- [Enumerate AWS Organization ID](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-aws-organization-id.md): How to enumerate the AWS Organization ID
- [Enumerate AWS Account IDs](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-aws-account-ids.md): To maintain security, AWS Account IDs should be handled carefully, even though they are not deemed confidential. While they are not secrets, they can lead to exposure of sensitive resources or data.
- [Enumerate AWS IAM Users](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-aws-iam-users.md): Exposure of AWS IAM usernames can further aid attackers' efforts to access an AWS account. Exposure leaves users vulnerable to attacks such as phishing and password-spraying.
- [Enumerate (Unauthenticated) IAM Users and Roles](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-unauthenticated-iam-users-and-roles.md): Exploiting an AWS feature of the IAM Role Trust Policy allowing for unauthenticated enumeration of AWS IAM Users and Roles in AWS Accounts.
- [Enumerate AWS Public Resources](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-aws-public-resources.md): Public resources like EBS and RDS snapshots or SSM Documents can lead to data and credential leaks.
- [Enumerate Secrets in AWS](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/enumerate-secrets-in-aws.md): Tips and tricks for discovering secrets in AWS
- [Generate AWS Console Session](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/generate-aws-console-session.md): Get access to the AWS console with AWS access keys
- [Generate IAM Access Keys from CloudShell](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/generate-iam-access-keys-from-cloudshell.md): Using an undocumented endpoint, we can leverage CloudShell from the AWS Console and create AWS Access Keys for the logged-on user.
- [Password Spraying AWS IAM Users](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/password-spraying-aws-iam-users.md): Performing password spray attacks against AWS console users can lead to successful credentials validation and, in turn, access to the AWS user and AWS account.
- [Server Side Request Forgery (SSRF)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/server-side-request-forgery-ssrf.md): Server Side Request Forgery attacks can lead to the compromise of AWS EC2 IAM Roles
- [Subdomain Takeovers](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/subdomain-takeovers.md): Compromise a subdomain by taking over resources that no longer exist
- [AWS Defense Evasion](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion.md): Techniques attackers use to avoid detection
- [CloudTrail Tampering](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion/cloudtrail-tampering.md): Techniques for avoiding CloudTrail detection
- [GuardDuty Tampering](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion/guardduty-tampering.md): Techniques for avoiding and disabling GuardDuty detection
- [Undocumented AWS APIs](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion/undocumented-aws-apis.md): Techniques for avoiding CloudTrail detection
- [Nonproduction API Endpoints](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-defense-evasion/nonproduction-api-endpoints.md): Techniques for avoiding CloudTrail detection
- [AWS Persistence](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence.md): Techniques threat actors use to maintain persistence in an AWS environment
- [Generate IAM Access Keys from CloudShell](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/generate-iam-access-keys-from-cloudshell.md): AWS persistence technique
- [Creating IAM Access Keys](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/creating-iam-access-keys.md): AWS persistence technique
- [Backdoor an IAM Role](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/backdoor-an-iam-role.md): AWS persistence technique
- [Generating Temporary AWS Credentials from IAM User](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/generating-temporary-aws-credentials-from-iam-user.md): AWS persistence technique
- [Generating Temporary Credentials from SSO Credentials File](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-persistence/generating-temporary-credentials-from-sso-credentials-file.md): AWS persistence technique
- [AWS Privilege Escalation](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation.md): Leveraging AWS permissions for privilege escalation and compromise
- [EC2](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/ec2.md): Abusable AWS EC2 permissions that can lead to compromise or privilege escalation
- [Elastic Container Registry (ECR)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/elastic-container-registry-ecr.md): Abusable Amazon ECR permissions that can lead to compromise or privilege escalation
- [Identity Access Management (IAM)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/permissions-abuse.md): Abusable AWS IAM permissions that can lead to compromise or privilege escalation
- [IAM Trust Policies](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/attacks-techniques-and-tools.md): Abusable AWS IAM Trust Policies that can lead to compromise or privilege escalation
- [Key Management Service (KMS)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/permissions-abuse-1.md): Abusable AWS KMS permissions that can lead to compromise or privilege escalation
- [Lightsail](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/lightsail.md): Abusable AWS Secrets Manager permissions that can lead to compromise or privilege escalation
- [OpenID Connect (OIDC)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/openid-connect-oidc.md): Abusing default or poorly configured Identity Provider IAM Trust Policies for privilege escalation
- [RDS](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/rds.md): Abusable AWS EC2 permissions that can lead to compromise or privilege escalation
- [S3](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/permissions-abuse-2.md): Abusable AWS S3 permissions that can lead to compromise or privilege escalation
- [Secrets Manager](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/secrets-manager.md): Abusable AWS Secrets Manager permissions that can lead to compromise or privilege escalation
- [Security Token Service (STS)](https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-privilege-escalation/sts.md): Abusable AWS STS permissions that can lead to compromise or privilege escalation
- [AWS Defensive Security](https://www.techwithtyler.dev/cloud-security/aws/aws-defensive-security.md): AWS defensive security tactics and techniques
- [AWS Organizations](https://www.techwithtyler.dev/cloud-security/aws/aws-defensive-security/aws-organizations.md): Capabilities related to and enabled by AWS Organizations
- [Declarative Policies](https://www.techwithtyler.dev/cloud-security/aws/aws-defensive-security/aws-organizations/declarative-policies.md): Centrally declare and enforce your desired configuration for a given AWS service at scale across an organization
- [AWS Incident Response](https://www.techwithtyler.dev/cloud-security/aws/aws-incident-response.md): Responding to AWS-related incidents
- [Compromised IAM Credentials](https://www.techwithtyler.dev/cloud-security/aws/aws-incident-response/compromised-iam-credentials.md): How to respond to compromised IAM Credentials
- [AWS Threat Matrix](https://www.techwithtyler.dev/cloud-security/aws/aws-threat-matrix.md): AWS attacks and techniques aligned to MITRE ATT&CK Matrix
- [AWS Services Info](https://www.techwithtyler.dev/cloud-security/aws/aws.md): General information about AWS and its services
- [AI / Machine Learning](https://www.techwithtyler.dev/cloud-security/aws/aws/ai-machine-learning.md): AWS AI and Machine Learning Related Services
- [Amazon Bedrock](https://www.techwithtyler.dev/cloud-security/aws/aws/ai-machine-learning/amazon-bedrock.md): Amazon Bedrock overview, attacks, and mitigations.
- [Compute](https://www.techwithtyler.dev/cloud-security/aws/aws/compute.md): AWS Compute-Related Services
- [EC2](https://www.techwithtyler.dev/cloud-security/aws/aws/compute/ec2.md): EC2 overview and attacks
- [Containers](https://www.techwithtyler.dev/cloud-security/aws/aws/containers.md): AWS Container-Related Services
- [Elastic Container Registry (ECR)](https://www.techwithtyler.dev/cloud-security/aws/aws/containers/elastic-container-registry-ecr.md): General information about Elastic Container Registry
- [Database](https://www.techwithtyler.dev/cloud-security/aws/aws/database.md): AWS Database-Related Services
- [RDS](https://www.techwithtyler.dev/cloud-security/aws/aws/database/rds.md): RDS overview
- [Security](https://www.techwithtyler.dev/cloud-security/aws/aws/security.md): AWS Security-Related Services
- [IAM](https://www.techwithtyler.dev/cloud-security/aws/aws/security/iam.md): IAM overview
- [KMS](https://www.techwithtyler.dev/cloud-security/aws/aws/security/kms.md): KMS overview and attacks
- [Serverless](https://www.techwithtyler.dev/cloud-security/aws/aws/serverless.md): AWS Serverless-Related Services
- [SNS Topic](https://www.techwithtyler.dev/cloud-security/aws/aws/serverless/sns-topic.md): SNS overview and attacks
- [Storage](https://www.techwithtyler.dev/cloud-security/aws/aws/storage.md): AWS Storage-Related Services
- [S3](https://www.techwithtyler.dev/cloud-security/aws/aws/storage/general-info.md): General information about AWS S3
- [AWS CLI Cheat Sheet](https://www.techwithtyler.dev/cloud-security/aws/cli-cheat-sheet.md): Quick reference for commonly used commands
- [Azure](https://www.techwithtyler.dev/cloud-security/azure.md)
- [Azure CLI Cheat Sheet](https://www.techwithtyler.dev/cloud-security/azure/azure-cli-cheat-sheet.md): Quick reference for commonly used commands
- [Azure Overview](https://www.techwithtyler.dev/cloud-security/azure/azure-overview.md): An overview of Azure's architecture
- [Azure Identity & Access Management](https://www.techwithtyler.dev/cloud-security/azure/azure-identity-and-access-management.md): An overview of Azure IAM
- [Azure Offensive Security](https://www.techwithtyler.dev/cloud-security/azure/azure-offensive-security.md)
- [Azure Attacks and Techniques](https://www.techwithtyler.dev/cloud-security/azure/azure-offensive-security/azure-attacks-and-techniques.md): Demonstrating various attacks that can be performed on Azure
- [Discover if Domain Associated with Entra ID / Microsoft 365](https://www.techwithtyler.dev/cloud-security/azure/azure-offensive-security/azure-attacks-and-techniques/discover-if-domain-associated-with-entra-id-microsoft-365.md): How to determine if a domain leverages Entra ID
- [Discover Entra ID Tenant ID](https://www.techwithtyler.dev/cloud-security/azure/azure-offensive-security/azure-attacks-and-techniques/discover-entra-id-tenant-id.md): How to discover an Entra ID Tenant ID
- [Azure Privilege Escalation](https://www.techwithtyler.dev/cloud-security/azure/azure-offensive-security/azure-privilege-escalation.md): Leveraging Azure permissions for privilege escalation and compromise
- [SQL Database](https://www.techwithtyler.dev/cloud-security/azure/azure-offensive-security/azure-privilege-escalation/sql-database.md): Abusable Azure SQL Database permissions that can lead to compromise or privilege escalation
- [Azure Services Info](https://www.techwithtyler.dev/cloud-security/azure/azure-services-info.md): General information about Azure and its services
- [Compute](https://www.techwithtyler.dev/cloud-security/azure/azure-services-info/compute.md): Azure Compute-Related Services
- [Azure Virtual Machines](https://www.techwithtyler.dev/cloud-security/azure/azure-services-info/compute/azure-virtual-machines.md): Overview of the Azure Virtual Machines service
- [Databases](https://www.techwithtyler.dev/cloud-security/azure/azure-services-info/databases.md): Azure Database-Related Services
- [Azure SQL Database](https://www.techwithtyler.dev/cloud-security/azure/azure-services-info/databases/azure-sql-database.md): Overview of the Azure SQL Database service
- [Security](https://www.techwithtyler.dev/cloud-security/azure/azure-services-info/security.md): Azure Security-Related Services
- [Azure Key Vault](https://www.techwithtyler.dev/cloud-security/azure/azure-services-info/security/azure-key-vault.md): Overview of the Azure Key Vault service
- [Storage](https://www.techwithtyler.dev/cloud-security/azure/azure-services-info/storage.md): Azure Storage-Related Services
- [Azure Storage Account](https://www.techwithtyler.dev/cloud-security/azure/azure-services-info/storage/azure-storage-account.md): Overview of the Azure Storage Account service
- [Azure Blob Storage](https://www.techwithtyler.dev/cloud-security/azure/azure-services-info/storage/azure-blob-storage.md): Overview of the Azure Blob Storage service
- [Capture the Flags (CTFs)](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs.md): A collection of CTF writeups
- [Flaws.Cloud](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/flaws.cloud.md): A walkthrough of the CTF Flaws.Cloud
- [Level 1](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/flaws.cloud/level-1.md): A CTF walkthrough for level 1 of Flaws.Cloud
- [Level 2](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/flaws.cloud/level-2.md): A CTF walkthrough for level 2 of Flaws.Cloud
- [Level 3](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/flaws.cloud/level-3.md): A CTF walkthrough for level 3 of Flaws.Cloud
- [Level 4](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/flaws.cloud/level-4.md): A CTF walkthrough for level 4 of Flaws.Cloud
- [Level 5](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/flaws.cloud/level-5.md): A CTF walkthrough for level 5 of Flaws.Cloud
- [Level 6](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/flaws.cloud/level-6.md): A CTF walkthrough for level 6 of Flaws.Cloud
- [PwnedLabs](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/pwnedlabs.md): A collection of capture-the-flag walkthroughs from PwnedLabs.io
- [Escalate Privileges by IAM Policy Rollback](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/pwnedlabs/escalate-privileges-by-iam-policy-rollback.md): A walkthrough demonstrating how to abuse the IAM permission: SetDefaultPolicyVersion
- [Exploiting Weak S3 Bucket Policies](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/pwnedlabs/exploiting-weak-s3-bucket-policies.md): A walkthrough demonstrating how weak S3 Bucket policies can lead to system compromise, data exposure and exfiltration.
- [Leveraging S3 Bucket Versioning](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/pwnedlabs/leveraging-s3-bucket-versioning.md): A walkthrough demonstrating how S3 Bucket Versioning can lead to data exposure and exfiltration.
- [S3 Enumeration Basics](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/pwnedlabs/s3-enumeration-basics.md): A walkthrough demonstrating how to enumerate S3, exploit a misconfiguration, and escalate privileges to obtain sensitive data.
- [Pillage Exposed RDS Instances](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/pwnedlabs/pillage-exposed-rds-instances.md): A walkthrough demonstrating how to exfiltrate data from a public RDS instance.
- [EC2 SSRF Attack](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/pwnedlabs/ec2-ssrf-attack.md): A walkthrough demonstrating a Server Side Request Forgery attack leading to credit card data exfiltration.
- [Hunt for Secrets in Git Repos](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/pwnedlabs/hunt-for-secrets-in-git-repos.md): A walkthrough demonstrating the importance of preventing credentials being committed to git repositories.
- [Cybr](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/cybr.md): A collection of capture-the-flag walkthroughs from cybr.com
- [Challenge - Secrets Unleashed](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/cybr/challenge-secrets-unleashed.md): A walkthrough demonstrating how to abuse and escalate IAM permissions.
- [WIZ - The Ultimate Cloud Security Championship](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/wiz-the-ultimate-cloud-security-championship.md)
- [June 2025 - Perimeter Leak](https://www.techwithtyler.dev/cloud-security/capture-the-flags-ctfs/wiz-the-ultimate-cloud-security-championship/june-2025-perimeter-leak.md): A walkthrough of the WIZ Ultimate Cloud Security Championship for June 2025
- [Tools](https://www.techwithtyler.dev/cloud-security/tools.md)
- [Tooling Index](https://www.techwithtyler.dev/cloud-security/tools/tooling-index.md): Useful tools I've come across
- [dsnap](https://www.techwithtyler.dev/cloud-security/tools/dsnap.md): A tool for enumerating and downloading EBS snapshots
- [Pacu](https://www.techwithtyler.dev/cloud-security/tools/pacu.md): Offensive security tool for exploiting configuration flaws in AWS
- [s3-account-search](https://www.techwithtyler.dev/cloud-security/tools/s3-account-search.md): An overview of the tool s3-account-search which is able to accurately identify an AWS Account ID from an AWS S3 bucket name.
- [GoAWSConsoleSpray](https://www.techwithtyler.dev/cloud-security/tools/goawsconsolespray.md): An overview of the tool GoAWSConsoleSpray which can password spray AWS IAM users.
- [aws\_consoler](https://www.techwithtyler.dev/cloud-security/tools/aws_consoler.md)
- [cloudenum](https://www.techwithtyler.dev/cloud-security/tools/cloudenum.md)

