conducting-cloud-infrastructure-penetration-test

Installation
SKILL.md

Conducting Cloud Infrastructure Penetration Test

Overview

Cloud infrastructure penetration testing identifies security weaknesses in AWS, Azure, and GCP environments by targeting IAM policies, storage configurations, compute instances, serverless functions, network controls, and Kubernetes clusters. Cloud-specific attack vectors include over-privileged IAM roles, misconfigured storage buckets, exposed metadata services, insecure API endpoints, and lateral movement through cloud service chains.

Prerequisites

  • Written authorization and cloud provider notification (AWS penetration testing policy, Azure rules, GCP terms)
  • Cloud credentials with read-only access (assumed breach model) or unauthenticated external testing
  • Tools: Pacu (AWS), ScoutSuite, Prowler, AzureHound, GCPBucketBrute, CloudMapper
  • Understanding of shared responsibility model for each provider

AWS Penetration Testing

Initial Enumeration

Installs
11
GitHub Stars
25.0K
First Seen
Mar 15, 2026
conducting-cloud-infrastructure-penetration-test — mukul975/anthropic-cybersecurity-skills