gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-04-28 12:03:08 -07:00
Code Issues Packages Projects Releases Wiki Activity
942 Commits 21 Branches 17 Tags
cccacb7ee17fe04099f5e9894edc5b2148cdce96
Commit Graph

496 Commits

Author SHA1 Message Date
Oussama Ait Manssour
9f57fc7119 Rename src/pentesting-cloud/aws-security/aws-privilege-escalation/src/pentesting-cloud/aws-security /aws-bedrock-agentcore-privesc.md to src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-bedrock-agentcore-privesc/README.md 2026-02-12 11:04:17 +01:00
Oussama Ait Manssour
70738d211e Revise AWS Bedrock AgentCore Code Interpreter documentation 
Updated the AWS Bedrock AgentCore documentation to clarify the Code Interpreter Role Pivot technique, including details on preconditions, required IAM actions, exploitation flow, and mitigation strategies.
 2026-02-12 00:06:33 +01:00
Ben
2bb1292912 Remove countermeasures from GCP privilege escalation doc 
Removed countermeasures section from GCP privilege escalation documentation.
 2026-02-09 16:16:44 -06:00
Ben
0be98dc154 Remove hacktricks-training banner from documentation 
Removed the inclusion of hacktricks-training banner from the GCP privilege escalation documentation.
 2026-02-09 16:12:22 -06:00
Ben
6b1b2329c2 Clean up GCP Cloud Workstations privilege escalation doc 
Removed introductory content and references related to Cloud Workstations.
 2026-02-09 16:10:20 -06:00
Ben
4a16d25bfe Add GCP Cloud Workstations privesc guide 
Add a new guide documenting privilege escalation paths for GCP Cloud Workstations. Covers Docker-in-Docker container breakout via /var/run/docker.sock, step-by-step escape to the host VM, stealing the VM service account token from IMDS, persistence by backdooring the host home, network pivot techniques, and recommended countermeasures. Includes reference to an automation script and training banners.
 2026-02-09 16:08:37 -06:00
Carlos Polop
6918c5539d f 2026-02-05 13:33:06 +01:00
Carlos Polop
a539034c29 f 2026-02-05 13:15:58 +01:00
Aayush Samriya
ab13130748 Fix typo in S3 encryption method 
This PR fixes a typo in the "Amazon Athena" section regarding supported S3 encryption methods.

The text currently states:
> "SSE-C and CSE-E are not supported."

"CSE-E" is not a valid AWS encryption acronym. The document previously defines **Client-side encryption with customer provided keys** as **CSE-C**.

Since Athena does not support client-side encryption where the key is managed entirely by the customer (without KMS), **CSE-C** is the correct term to pair with SSE-C as unsupported methods.
 2026-02-05 11:29:39 +05:30
HackTricks News Bot
3b110bdefe Add content from: GatewayToHeaven: Finding a Cross-Tenant Vulnerability in GCP... 2026-02-03 19:00:44 +00:00
Carlos Polop
a5e792e60a PRs public codebuild abuse 2026-02-03 13:42:01 +01:00
HackTricks News Bot
6be7ed9238 Add content from: Threat Actors Using AWS WorkMail in Phishing Campaigns 2026-01-27 18:48:13 +00:00
HackTricks News Bot
e19da8e90c Add content from: nodes/proxy GET → Kubelet /exec RCE via WebSocket handshake ... 2026-01-27 01:48:53 +00:00
HackTricks News Bot
41b59810d8 Add content from: SharePointDumper 2026-01-27 01:46:05 +00:00
SrFlipFlop
26a50a62d0 While I was doing the ARTE lab on Step Functions, I noticed that some Hacktricks commands were incorrect or should be using an earlier version of AWS CLI. Changed aws states for aws stepfunctions. 2026-01-22 17:36:06 +01:00
Carlos Polop
349afe720a Restore enumeration commands in Azure network doc 2026-01-21 21:36:00 +01:00
HackTricks News Bot
5642a68eb9 Add content from: DNS OverDoS: Are Private Endpoints Too Private? 2026-01-21 21:34:34 +01:00
SirBroccoli
4ba2a825c6 Merge pull request #248 from Jacob-Ham/automation-accounts-addition 
Added azure rest command for webhook creation.
 2026-01-21 21:28:23 +01:00
Carlos Polop
12bbfb1041 f 2026-01-21 21:07:17 +01:00
Jacob H
9d5350dc2e Added runOn key for hybrid worker. 
Updated az rest command to specify hybrid worker with runOn
 2026-01-18 10:14:15 -06:00
Jacob H
b782a5ebb8 Added azure rest command for webhook creation. 
Clarified commands for creating webhooks in Azure Automation by adding the Azure CLI REST method.
 2026-01-18 09:50:01 -06:00
SirBroccoli
6ced6574a0 Merge pull request #246 from HackTricks-wiki/update_Infiltrating_the_AWS_Console_Supply_Chain__Hijacki_20260116_124313 
Infiltrating the AWS Console Supply Chain Hijacking Core AWS...
 2026-01-18 15:58:08 +01:00
SirBroccoli
7f7f8b3183 Merge branch 'master' into update_Holiday_Hack_Challenge_2025__Act_1__-_Spare_Key_20260106_124916 2026-01-18 15:56:29 +01:00
SirBroccoli
e8e5deb803 Merge pull request #245 from Jacob-Ham/master 
Added AzCLI command for retrieving static web app secrets
 2026-01-18 12:44:44 +01:00
Carlos Polop
df0aaa9a31 clier 2026-01-18 12:44:12 +01:00
HackTricks News Bot
a41dc4c89f Add content from: Infiltrating the AWS Console Supply Chain: Hijacking Core AW... 2026-01-16 12:44:49 +00:00
Jacob H
470a130c16 Added AzCLI command for retrieving static web app secrets 2026-01-13 12:29:34 -06:00
SirBroccoli
ce30a61d98 Update az-storage.md 2026-01-13 15:55:00 +01:00
SirBroccoli
76162d9fa6 Merge pull request #239 from HackTricks-wiki/update_Holiday_Hack_Challenge_2025__Blob_Storage__Storage_20260106_124314 
Holiday Hack Challenge 2025 Blob Storage (Storage Secrets)
 2026-01-13 15:52:35 +01:00
Carlos Polop
b5aa9c1fdf new ecs attack 2026-01-13 15:06:31 +01:00
SirBroccoli
b5d79daf09 Merge pull request #238 from HackTricks-wiki/update_ECS_on_EC2__Covering_Gaps_in_IMDS_Hardening_20251229_015227 
ECS on EC2 Covering Gaps in IMDS Hardening
 2026-01-13 14:55:32 +01:00
ryotaromatsui
8ef4c150cf rds-CreateBlueGreenDeployment_passrole privsc 2026-01-12 12:09:28 +09:00
HackTricks News Bot
c86885ebe6 Add content from: Holiday Hack Challenge 2025 (Act 1) - Spare Key 2026-01-06 12:50:55 +00:00
HackTricks News Bot
f9b181a878 Add content from: Holiday Hack Challenge 2025: Blob Storage (Storage Secrets) 2026-01-06 12:45:55 +00:00
HackTricks News Bot
5d49e53711 Add content from: ECS on EC2: Covering Gaps in IMDS Hardening 2025-12-29 01:57:16 +00:00
Carlos Polop
ca809b9df1 Merge branch 'master' of github.com:HackTricks-wiki/hacktricks-cloud 2025-12-26 19:43:21 +01:00
Carlos Polop
814b848e97 f 2025-12-26 19:43:02 +01:00
JaimePolop
e225449b09 api management 2025-12-23 14:13:30 +01:00
Carlos Polop
577457e9ab f 2025-12-17 11:01:25 +01:00
carlospolop
b0aba5fc28 f 2025-12-08 12:32:15 +01:00
carlospolop
9eb7c3bdb7 Merge branch 'master' of github.com:HackTricks-wiki/hacktricks-cloud 2025-12-07 16:33:18 +01:00
carlospolop
dc670100de f 2025-12-07 16:33:16 +01:00
SirBroccoli
8bacb08085 Update gcp-firebase-privesc.md 2025-12-07 12:15:37 +01:00
HackTricks News Bot
8e8b21ce8a Add content from: PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actio... 2025-12-05 01:53:48 +00:00
carlospolop
06433f955b f 2025-12-04 11:22:50 +01:00
carlospolop
e5b25a908b f 2025-11-30 13:15:11 +01:00
carlospolop
55afbe81c4 pe - azure 2025-11-28 10:42:46 +01:00
JaimePolop
b6af849e11 fix 2025-11-26 17:22:08 +01:00
SirBroccoli
862cfc7732 Update gcp-cloud-run-post-exploitation.md 2025-11-26 17:12:13 +01:00
JaimePolop
5380f79daf GCP update 2025-11-25 17:13:06 +01:00