Skip to main content

Cloud Pentest — AWS, Azure, GCP

In 2026, 70%+ of corporate infrastructure lives in cloud. If your methodology is still nmap + on-prem AD, you’re missing most of the perimeter. 99% of cloud breaches through 2025 come from customer misconfigurations, not provider flaws (Gartner).
The three clouds share concept (shared responsibility, identities, ephemeral tokens) but diverge entirely in their permission model. Attacking AWS with Azure mindset misses 80% of real vectors.

Shared responsibility — pentester boundary

Pentester boundary per the “Customer Support Policy for Penetration Testing”:
  • AWS: EC2, RDS, CloudFront, Aurora, API Gateway, Lambda, Lightsail, Elastic Beanstalk without pre-approval. DDoS and DNS-attack simulation still require a form.
  • Azure: any tenant resource without prior notice since 2022, except sustained DDoS > 200 Gbps.
  • GCP: “Customer Projects in Scope” policy.

AWS — Top 10 exploitable vectors 2026

1. SSRF to IMDSv1 (vs IMDSv2 with hop-limit)

IMDSv2 requires PUT with TTL=1, killing classic SSRF via reverse proxies. Still exploitable when: app follows HTTP redirects, SSRF is at app layer (not proxy), IMDSv1 still enabled on old AMIs, or hop-limit was raised to 2 to support containers.

2. IAM Privilege Escalation (Rhino’s 21+ paths)

Rhino Security Labs catalogs 21 base paths + extensions. Examples: iam:CreateAccessKey, iam:CreateLoginProfile, iam:UpdateAssumeRolePolicy, iam:AttachUserPolicy, iam:PutUserPolicy, lambda:CreateFunction + iam:PassRole, sagemaker:CreateNotebookInstance + iam:PassRole, glue:CreateDevEndpoint + iam:PassRole, ec2:RunInstances + iam:PassRole.

3. Public S3 buckets (how it still happens in 2026)

Despite “Block Public Access” by default since 2023: GrayHatWarfare indexed >270,000 sensitive PDFs from NACH bank in August 2025; 23% of cloud incidents 2025 come from misconfigured buckets.

4. Lambda with plaintext env vars

Anyone with lambda:GetFunction reads env vars; in CloudFormation visible via cloudformation:GetTemplate.

5. SSM Session Manager abuse

ssm:StartSession + ec2:DescribeInstances jumps to any EC2. New 2023-2025: SSM agent can register on attacker account and act as cross-account RAT without victim’s CloudTrail.

6. Cross-account confused deputy

Service assuming cross-account role without sts:ExternalId or aws:SourceAccount condition. Typical SaaS integration pattern.

7. Cognito misconfiguration

Identity Pool with guest access grants STS creds without login. 2025 vulnerability: email attribute mutation in valid token allows ATO by changing email to victim.

8. CloudTrail blind spots

Whitespace-padding (Permiso): IAM policies between 102,401 and 131,072 chars cause requestParameters to log as omitted:true. Adversaries use PutEventSelectors, StopEventDataStoreIngestion, PutInsightSelectors instead of classic StopLogging.

9. ECS/EKS escape vectors

ECScape (Sweet Security 2025): a low-priv ECS container impersonates the ECS agent and obtains creds for the task execution role + neighbor tasks via 169.254.170.2.

10. Post-exploitation stack


Azure — Top 10 exploitable vectors 2026

1. Entra ID device code phishing

Storm-2372 (Feb 2025) and AI-enabled device code campaigns (April 2026) consolidate device code flow as dominant vector.

2. App Registrations with secrets in repos

Search clientSecret, client_secret, app_secret + tenant GUID on GitHub/Sourcegraph. With (tenantId, clientId, clientSecret) you request Graph token and act as the app.

3. Managed Identities abuse

VM/Function/App Service with MI requests token from 169.254.169.254 (System-assigned) or IDENTITY_ENDPOINT (User-assigned). MI with Contributor or Key Vault Secrets User = full lateral movement.

4. Azure Functions privilege escalation

CVE-2025-59273 (Event Grid) allows unvalidated payloads in Functions/Logic Apps. CVE-2025-62207 (Azure Monitor) SSRF → privesc. Historically “Royal Flush”: Functions containers with --privileged allowed host escape.

5. Storage Account anonymous access

Anonymous listing via ?restype=container&comp=list. STORM-0501 (2025 ransomware campaign) uses this for exfil.

6. Key Vault permission misconfigs

Contributor can modify KV Access Policies (legacy model) and read secrets without being formally KV-admin.

7. Conditional Access bypass

CVE-2025-55241 (Dirk-jan Mollema, July 2025): cross-tenant tokens evading CA. Generic vectors: legacy User Agents, IPs from non-excluded ranges, FOCI app swap.

8. PIM elevation abuse

PIM URLs accessible even with “Restrict access to Microsoft Entra admin center” enabled. Compromised user with eligible role + token prior to PIM activation can activate role without MFA in some cases.

9. Lateral movement Entra → on-prem AD Connect

The AD Connect server holds the MSOL_<random> account with DCSync rights. Local admin on Sync server → aadconnectdump or AADInternals extract encrypted creds → DCSync → on-prem DA.

10. Post-exploitation stack


GCP — Top vectors

1. Service Account keys leakage

SAs with JSON keys in repos / public S3. Key doesn’t expire by default.

2. Compute Engine metadata SSRF

GCP requires Metadata-Flavor: Google header since 2019. Key endpoint: http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token.

3. IAM hierarchy escalation

Key permissions for full privesc:
  • iam.serviceAccountTokenCreator — generate tokens for any SA
  • iam.serviceAccountKeyAdmin — create new keys
  • cloudfunctions.functions.update + actAs — pivot to arbitrary SA
  • compute.instances.setMetadata — inject SSH key in startup script

4. ConfusedFunction (Tenable 2024)

Creating/updating Cloud Function attaches the SA <projnum>@cloudbuild.gserviceaccount.com with default Editor role, allowing escalation to project Editor.

5. OSINT and post-exploitation stack


Modern tooling 2026


Cloud-specific OSINT

S3 bucket enum

GitHub dorking — 2026 regex

GitGuardian: 28.65M secrets leaked publicly on GitHub in 2025, +34% YoY.

GrayHatWarfare + SourceGraph


Reporting cloud findings

Applicable CVSS (with cloud context)

Always combine with EPSS (30-day exploit probability) and business context.

Quantifying impact

  • Billing abuse: hourly cost of malicious instances (BTC mining: a p3.16xlarge runs ~25 USD/h). Project to 30/90 days if account stays compromised.
  • Data exfil: bucket size × egress price ($0.09/GB outbound AWS) + regulatory data value.
  • Resource hijacking / LLMjacking (2024-2025): Bedrock invokeModel, Azure OpenAI = massive billing.

GDPR in cloud

  • Art. 33 72h breach notification applies to cloud customer (still Data Controller).
  • International transfers: map regions — use EU-only (eu-west-3, westeurope, europe-west1) and verify SCC + TIA post Schrems II.
  • Art. 32 technical measures: SSE-KMS (CMK), TLS 1.2+, pseudonymization, mandatory MFA, traceability.
  • Mandatory DPIA if cloud system processes special categories at scale (Art. 35).

Resources