Session
An Overview in Cloud Penetration Testing
With the increase in remote work, the decrease in support for on-premise applications, and the need for cost efficiency, the cloud is increasingly becoming the environment in which a business implements all the services it needs or offers. As such, it needs to be secure, especially considering the "It's someone else's computer" fact.
This session will give an overview of how different vendors manage their identities, authentication, privileges and services.
We will see how to do reconnaissance, enumeration, exploitation and post exploitation, persistence and exfiltration of information on AWS, Azure and GCP Cloud Infrastructures.
For reconnaissance, we will start by abusing different "features" in Cloud Vendors to find working services and users:
• AWS and GCP Bucket bruteforce
• Azure Services running by resolving hosts
• Check for Azure usage on a domain
• Fuzz users
• Access open buckets using OSINT
For initial access, we will get started using:
• Password spraying
• Phishing
• Finding credentials on code repositories
• Leveraging RCE and SSRF to access machine identities from metadata
For enumeration, we will start by exploiting default privileges and checking users' extra privileges:
• Azure default privileges
• Azure Reader, Contributor and Owner Permissions
• AWS User, Groups and Role Policies
• Enumerate virtual machines
• Enumerate Lambda and Azure Functions
For privilege escalation, we will see what privileges the identities have and leverage them to get higher privileges:
• Shadow Admins
• Access to storage
• Credentials on IaC code and User Data
• Privesc using Cloud Functions
For exfiltration, we will leverage our own buckets to collect and exfiltrate information from a target.
For persistence, we will:
• Persist with a custom Container
• Persist with another Access ID
• Persist with Machine User Data
• Persist with IaC
By the end, we will have an idea of how to perform a pentest on cloud infrastructures and what misconfigurations can lead to compromises.