OBJECTIVE 03 — CLOUD COMPUTING ATTACK TOOLS AND TECHNIQUES
CLOUD ATTACK SURFACE (EXAM FOUNDATION)
Attack Surface
Cloud management console
APIs
IAM
Storage services
Virtual machines
Containers
Metadata services
MEMORY HOOK: Console + API + IAM = control
CLOUD RECONNAISSANCE TECHNIQUES
CLOUD ASSET DISCOVERY
Technique | Explanation
DNS enumeration | Identify cloud-hosted domains
IP range identification | Map provider IPs
Service fingerprinting | Detect cloud services
OSINT | Public cloud metadata
OSINT TOOLS FOR CLOUD RECON
Tool | Purpose
Shodan | Find cloud services
Censys | Discover exposed cloud assets
Amass | DNS enumeration
theHarvester | Email & domain info
MEMORY HOOK: Recon starts outside cloud
CLOUD MISCONFIGURATION DISCOVERY (TOP EXAM AREA)
STORAGE ENUMERATION
Target | Method
S3 buckets | Name guessing
Azure blobs | Public access checks
Google buckets | Enumeration
MEMORY HOOK: Public storage = data leak
COMMON MISCONFIGURATIONS
Misconfiguration
Public buckets
Over-permissive IAM
Open management ports
No logging enabled
Default credentials
CLOUD EXPLOITATION TECHNIQUES
IAM ATTACK TECHNIQUES (VERY IMPORTANT)
CREDENTIAL HARVESTING
Method
Phishing
Malware
GitHub secrets leakage
Metadata service abuse
MEMORY HOOK: Credentials = cloud access
PRIVILEGE ESCALATION IN CLOUD
Technique
Role chaining
Policy abuse
Misconfigured trust relationships
EXAM TRAP: Cloud privilege escalation is POLICY-based, not kernel-based.
MEMORY HOOK: Policies = power
METADATA SERVICE ATTACKS (HIGH-YIELD)
WHAT IS METADATA SERVICE
Item | Explanation
Metadata service | Internal endpoint providing instance info
Access | No authentication from VM
ATTACK METHOD
Step
Exploit SSRF
Query metadata endpoint
Extract credentials
MEMORY HOOK: SSRF → metadata → creds
CLOUD MALWARE INJECTION
Step
Inject malicious service
Register as valid instance
Execute payload
VM ATTACK TECHNIQUES
Technique
Snapshot abuse
Disk image extraction
VM cloning
CONTAINER ATTACK TECHNIQUES
CONTAINER ESCAPE
Cause
Privileged containers
Kernel vulnerabilities
Misconfigured namespaces
MEMORY HOOK: Container ≠ VM
IMAGE POISONING
Method
Backdoored images
Public registries
CLOUD-SPECIFIC ATTACK TOOLS (EXAM LIST)
AWS ATTACK TOOLS
Tool | Purpose
Pacu | AWS exploitation framework
Prowler | AWS security auditing
ScoutSuite | Multi-cloud auditing
CloudMapper | AWS visualization
AZURE ATTACK TOOLS
Tool | Purpose
MicroBurst | Azure penetration testing
Stormspotter | Azure attack path mapping
GCP ATTACK TOOLS
Tool | Purpose
GCPBucketBrute | Bucket enumeration
GCPEnum | Resource discovery
GENERIC CLOUD TOOLS
Tool | Purpose
Metasploit | Cloud exploitation
Nuclei | Misconfiguration scanning
Burp Suite | API testing
CLOUD API ATTACKS (CRITICAL)
API ATTACK TECHNIQUES
Technique
Broken authentication
Broken authorization
Excessive data exposure
Injection attacks
MEMORY HOOK: APIs are the cloud
CLOUD ATTACK FLOW (EXAM LOGIC)
OSINT and recon
Identify misconfiguration
Exploit IAM/API
Escalate privileges
Persist via keys or roles
MEMORY HOOK: Find → Misconfig → IAM → Persist
CLOUD LOG EVASION TECHNIQUES
Technique
Disable logging
Delete trails
Rotate keys
EXAM TRAP: Logging deletion is a red flag in exams.
EXAM TRAPS (VERY IMPORTANT)
Trap | Correct Understanding
VM escape is common | False
IAM attacks need exploits | False
Cloud attacks are network-based | False
Encryption stops attackers | False
OBJECTIVE 03 — EXAM MEMORY BLOCK
Cloud attacks focus on IAM misuse, API abuse, and misconfiguration. Metadata services expose credentials. Most privilege escalation is policy-based. Attackers persist using keys and roles.