Cloud Pentest — AWS, Azure, GCP
In 2026, 70%+ of corporate infrastructure lives in cloud. If your methodology is stillnmap + on-prem AD, you’re missing
most of the perimeter. 99% of cloud breaches through 2025
come from customer misconfigurations, not provider flaws
(Gartner).
The three clouds share concept (shared responsibility,
identities, ephemeral tokens) but diverge entirely in their
permission model. Attacking AWS with Azure mindset misses 80% of
real vectors.
Shared responsibility — pentester boundary
Pentester boundary per the “Customer Support Policy for
Penetration Testing”:
- AWS: EC2, RDS, CloudFront, Aurora, API Gateway, Lambda, Lightsail, Elastic Beanstalk without pre-approval. DDoS and DNS-attack simulation still require a form.
- Azure: any tenant resource without prior notice since 2022, except sustained DDoS > 200 Gbps.
- GCP: “Customer Projects in Scope” policy.
AWS — Top 10 exploitable vectors 2026
1. SSRF to IMDSv1 (vs IMDSv2 with hop-limit)
IMDSv2 requires PUT with TTL=1, killing classic SSRF via reverse proxies. Still exploitable when: app follows HTTP redirects, SSRF is at app layer (not proxy), IMDSv1 still enabled on old AMIs, or hop-limit was raised to 2 to support containers.2. IAM Privilege Escalation (Rhino’s 21+ paths)
Rhino Security Labs catalogs 21 base paths + extensions. Examples:iam:CreateAccessKey, iam:CreateLoginProfile,
iam:UpdateAssumeRolePolicy, iam:AttachUserPolicy,
iam:PutUserPolicy, lambda:CreateFunction + iam:PassRole,
sagemaker:CreateNotebookInstance + iam:PassRole,
glue:CreateDevEndpoint + iam:PassRole, ec2:RunInstances + iam:PassRole.
3. Public S3 buckets (how it still happens in 2026)
Despite “Block Public Access” by default since 2023: GrayHatWarfare indexed >270,000 sensitive PDFs from NACH bank in August 2025; 23% of cloud incidents 2025 come from misconfigured buckets.4. Lambda with plaintext env vars
Anyone withlambda:GetFunction reads env vars; in
CloudFormation visible via cloudformation:GetTemplate.
5. SSM Session Manager abuse
ssm:StartSession + ec2:DescribeInstances jumps to any EC2.
New 2023-2025: SSM agent can register on attacker account and
act as cross-account RAT without victim’s CloudTrail.
6. Cross-account confused deputy
Service assuming cross-account role withoutsts:ExternalId or
aws:SourceAccount condition. Typical SaaS integration pattern.
7. Cognito misconfiguration
Identity Pool with guest access grants STS creds without login. 2025 vulnerability:email attribute mutation in valid token
allows ATO by changing email to victim.
8. CloudTrail blind spots
Whitespace-padding (Permiso): IAM policies between 102,401 and 131,072 chars causerequestParameters to log as
omitted:true. Adversaries use PutEventSelectors,
StopEventDataStoreIngestion, PutInsightSelectors instead of
classic StopLogging.
9. ECS/EKS escape vectors
ECScape (Sweet Security 2025): a low-priv ECS container impersonates the ECS agent and obtains creds for the task execution role + neighbor tasks via169.254.170.2.
10. Post-exploitation stack
Azure — Top 10 exploitable vectors 2026
1. Entra ID device code phishing
Storm-2372 (Feb 2025) and AI-enabled device code campaigns (April 2026) consolidate device code flow as dominant vector.2. App Registrations with secrets in repos
SearchclientSecret, client_secret, app_secret + tenant
GUID on GitHub/Sourcegraph. With (tenantId, clientId, clientSecret)
you request Graph token and act as the app.
3. Managed Identities abuse
VM/Function/App Service with MI requests token from169.254.169.254 (System-assigned) or IDENTITY_ENDPOINT
(User-assigned). MI with Contributor or Key Vault Secrets User = full lateral movement.
4. Azure Functions privilege escalation
CVE-2025-59273 (Event Grid) allows unvalidated payloads in Functions/Logic Apps. CVE-2025-62207 (Azure Monitor) SSRF → privesc. Historically “Royal Flush”: Functions containers with--privileged allowed host escape.
5. Storage Account anonymous access
Anonymous listing via?restype=container&comp=list.
STORM-0501 (2025 ransomware campaign) uses this for exfil.
6. Key Vault permission misconfigs
Contributor can modify KV Access Policies (legacy model) and
read secrets without being formally KV-admin.
7. Conditional Access bypass
CVE-2025-55241 (Dirk-jan Mollema, July 2025): cross-tenant tokens evading CA. Generic vectors: legacy User Agents, IPs from non-excluded ranges, FOCI app swap.8. PIM elevation abuse
PIM URLs accessible even with “Restrict access to Microsoft Entra admin center” enabled. Compromised user with eligible role + token prior to PIM activation can activate role without MFA in some cases.9. Lateral movement Entra → on-prem AD Connect
The AD Connect server holds theMSOL_<random> account with
DCSync rights. Local admin on Sync server → aadconnectdump or
AADInternals extract encrypted creds → DCSync → on-prem DA.
10. Post-exploitation stack
GCP — Top vectors
1. Service Account keys leakage
SAs with JSON keys in repos / public S3. Key doesn’t expire by default.2. Compute Engine metadata SSRF
GCP requiresMetadata-Flavor: Google header since 2019. Key
endpoint:
http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token.
3. IAM hierarchy escalation
Key permissions for full privesc:iam.serviceAccountTokenCreator— generate tokens for any SAiam.serviceAccountKeyAdmin— create new keyscloudfunctions.functions.update + actAs— pivot to arbitrary SAcompute.instances.setMetadata— inject SSH key in startup script
4. ConfusedFunction (Tenable 2024)
Creating/updating Cloud Function attaches the SA<projnum>@cloudbuild.gserviceaccount.com with default Editor
role, allowing escalation to project Editor.
5. OSINT and post-exploitation stack
Modern tooling 2026
Cloud-specific OSINT
S3 bucket enum
GitHub dorking — 2026 regex
GrayHatWarfare + SourceGraph
Reporting cloud findings
Applicable CVSS (with cloud context)
Always combine with EPSS (30-day exploit probability) and
business context.
Quantifying impact
- Billing abuse: hourly cost of malicious instances (BTC
mining: a
p3.16xlargeruns ~25 USD/h). Project to 30/90 days if account stays compromised. - Data exfil: bucket size × egress price (
$0.09/GBoutbound AWS) + regulatory data value. - Resource hijacking / LLMjacking (2024-2025): Bedrock invokeModel, Azure OpenAI = massive billing.
GDPR in cloud
- Art. 33 72h breach notification applies to cloud customer (still Data Controller).
- International transfers: map regions — use EU-only (eu-west-3, westeurope, europe-west1) and verify SCC + TIA post Schrems II.
- Art. 32 technical measures: SSE-KMS (CMK), TLS 1.2+, pseudonymization, mandatory MFA, traceability.
- Mandatory DPIA if cloud system processes special categories at scale (Art. 35).
Resources
- Hacking The Cloud — Wiki by Rhino
- Datadog Security Labs
- Wiz Cloud Threat Reports
- NetSPI Cloud Pentesting blog
- Bishop Fox CloudFox
- Rhino — AWS IAM PrivEsc
- Rhino — GCP IAM PrivEsc
- Microsoft Storm-2372
- Tenable — ConfusedFunction
Related resources
- Professional web recon — Passive, fingerprinting, type confusion (common to cloud).
- Tactical glossary — IAM, JA3, SSRF.
- Report template — CVSS and GDPR.