conducting-cloud-infrastructure-penetration-test
Installation
SKILL.md
Conducting Cloud Infrastructure Penetration Test
Overview
Cloud infrastructure penetration testing identifies security weaknesses in AWS, Azure, and GCP environments by targeting IAM policies, storage configurations, compute instances, serverless functions, network controls, and Kubernetes clusters. Cloud-specific attack vectors include over-privileged IAM roles, misconfigured storage buckets, exposed metadata services, insecure API endpoints, and lateral movement through cloud service chains.
Prerequisites
- Written authorization and cloud provider notification (AWS penetration testing policy, Azure rules, GCP terms)
- Cloud credentials with read-only access (assumed breach model) or unauthenticated external testing
- Tools: Pacu (AWS), ScoutSuite, Prowler, AzureHound, GCPBucketBrute, CloudMapper
- Understanding of shared responsibility model for each provider