daffainfo
/
PayloadsAllTheThings
mirror of https://github.com/daffainfo/PayloadsAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix Cloud references

patch-1
Swissky 2020-02-21 10:47:16 +01:00
parent 984078050b
commit bda7100a77
2 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Methodology and Resources/Cloud - AWS.md → Methodology and Resources/Cloud - AWS Pentest.md
View File

@ -351,11 +351,11 @@ https://github.com/DenizParlak/Zeus
## References
* https://www.gracefulsecurity.com/an-introduction-to-penetration-testing-aws/
* https://www.cyberark.com/threat-research-blog/cloud-shadow-admin-threat-10-permissions-protect/
* https://github.com/toniblyx/my-arsenal-of-aws-security-tools
* https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
* AWS CLI Cheatsheet https://gist.github.com/apolloclark/b3f60c1f68aa972d324b
* https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/
* https://www.youtube.com/watch?v=XfetW1Vqybw&feature=youtu.be&list=PLBID4NiuWSmfdWCmYGDQtlPABFHN7HyD5
* https://pumascan.com/resources/cloud-security-instance-metadata/
* [An introduction to penetration testing AWS - Graceful Security](https://www.gracefulsecurity.com/an-introduction-to-penetration-testing-aws/)
* [Cloud Shadow Admin Threat 10 Permissions Protect - CyberArk](https://www.cyberark.com/threat-research-blog/cloud-shadow-admin-threat-10-permissions-protect/)
* [My arsenal of AWS Security tools - toniblyx](https://github.com/toniblyx/my-arsenal-of-aws-security-tools)
* [AWS Privilege Escalation method mitigation - RhinoSecurityLabs](https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/)
* [AWS CLI Cheatsheet - apolloclark](https://gist.github.com/apolloclark/b3f60c1f68aa972d324b)
* [Pacu Open source AWS Exploitation framework - RhinoSecurityLabs](https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/)
* [PACU Spencer Gietzen - 30 juil. 2018](https://www.youtube.com/watch?v=XfetW1Vqybw&feature=youtu.be&list=PLBID4NiuWSmfdWCmYGDQtlPABFHN7HyD5)
* [Cloud security instance metadata - PumaScan](https://pumascan.com/resources/cloud-security-instance-metadata/)

22
Methodology and Resources/Cloud - Azure.md → Methodology and Resources/Cloud - Azure Pentest.md
View File

@ -389,7 +389,7 @@ NOTE: By default, O365 has a lockout policy of 10 tries, and it will lock out an
<UserState>2</UserState>
<Login>firstname.lastname@domain.com</Login>
<NameSpaceType>Federated</NameSpaceType>
<DomainName>axa.com</DomainName>
<DomainName>domain.com</DomainName>
<FederationGlobalVersion>-1</FederationGlobalVersion>
<AuthURL>
https://fws.domain.com/o365/visfed/intrdomain/se/?username=firstname.lastname%40domain.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=
@ -400,13 +400,13 @@ NOTE: By default, O365 has a lockout policy of 10 tries, and it will lock out an
## References
* https://www.gracefulsecurity.com/an-introduction-to-pentesting-azure/
* https://blog.netspi.com/running-powershell-scripts-on-azure-vms/
* https://blog.netspi.com/attacking-azure-cloud-shell/
* https://blog.netspi.com/maintaining-azure-persistence-via-automation-accounts/
* https://www.smartspate.com/detecting-an-attacks-on-active-directory-with-azure/
* Azure AD Overview www.youtube.com/watch?v=l_pnNpdxj20
* Windows Azure Active Directory in plain English www.youtube.com/watch?v=IcSATObaQZE
* Building Free Active Directory Lab in Azure https://medium.com/@kamran.bilgrami/ethical-hacking-lessons-building-free-active-directory-lab-in-azure-6c67a7eddd7f
* https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a
* https://blog.xpnsec.com/azuread-connect-for-redteam/
* [An introduction to penetration testing Azure - Graceful Security](https://www.gracefulsecurity.com/an-introduction-to-penetration-testing-azure/)
* [Running POwershell scripts on Azure VM - Netspi](https://blog.netspi.com/running-powershell-scripts-on-azure-vms/)
* [Attacking Azure Cloud shell - Netspi](https://blog.netspi.com/attacking-azure-cloud-shell/)
* [Maintaining Azure Persistence via automation accounts - Netspi](https://blog.netspi.com/maintaining-azure-persistence-via-automation-accounts/)
* [Detecting an attacks on active directory with Azure - Smartspate](https://www.smartspate.com/detecting-an-attacks-on-active-directory-with-azure/)
* [Azure AD Overview](https://www.youtube.com/watch?v=l_pnNpdxj20)
* [Windows Azure Active Directory in plain English](https://www.youtube.com/watch?v=IcSATObaQZE)
* [Building Free Active Directory Lab in Azure - @kamran.bilgrami](https://medium.com/@kamran.bilgrami/ethical-hacking-lessons-building-free-active-directory-lab-in-azure-6c67a7eddd7f)
* [Attacking Azure/Azure AD and introducing Powerzure - SpecterOps](https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a)
* [Azure AD connect for RedTeam - @xpnsec](https://blog.xpnsec.com/azuread-connect-for-redteam/)