IAM uses the following prefixes to indicate what type of resource each unique ID applies to:
Benji's Pensieve helps to persist some of my chaotic memories. The Pensieve (Denkarium in German) itself is a magical device used to review these memories.
List of various Cloud Metadata Service Addresses
Below you find various addresses and info for different cloud providers, and how to access them. IMDSv1 is the most famous one, known for instance in connection with SSRF and the CapitalOne bank. The list below helped me in the past to keep track of things.
CheatSheet - Calculation of CIDR ranges
Tiny write-up about CIDR notation and nets.
CheatSheet - Unordered Notes from CTFs & HTB
"The quieter you become, The more you’re able to hear"
MITRE ATT&CK Bash Oneliner
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
AWS Shadow Admin & IAM Policy Magic
Prevent the creation of AWS shadow admins by paying attention to the following IAM permissions, which can lead to shadow admin privileges in different ways:
CIDR Calculator (Python)
This tiny Python script helps to derive the netmask, the netmask in binary, the number of hosts, and the network and host bits from a passed IP address with CIDR range. To make life a little easier there is an optional pretty-print option. Otherwise jq or fx are nice to prettify the JSON.
AWS Architecture Templates
Besides sources like cloudcraft.io, I felt the need for some easy templates to draw AWS architecture diagrams - what's easier than doing it in a ppt?
XSS - Harlem Shake
An old evergreen in messing around with XSS. Instead of a lousy alert() box, let the website dance and shake to some fancy music. Let's do the Harlem Shake.
bash - strict mode
From time to time it's very helpful to run bash in strict mode. Sadly I forget some of the 'set' options from time to time. So better save it as a memory.
Dirty way of IAM enumeration
The following code will attempt to enumerate the operations that a given set of AWS access keys can perform. A more mature version of this script can be found here; anyway, let's dive in:
AWS CloudSec Challenges
To train your CloudSec skills there are some very nice challenges out there in the wild:
DNS cheatsheet
It’s not DNS
There's no way it's DNS
It was DNS
-SSBroski
jq cheatsheet
jq is useful to slice, filter, map and transform structured JSON data. It can also help to pretty-print data in the terminal. The fancy alternative to view JSON data in the terminal is fx.
NSA/CISA - Known Exploited Vulns - Bash One Liner
The NSA and CISA (Cybersecurity & Infrastructure Security Agency) started an awesome new project and publish known exploited vulnerabilities as a JSON list with plenty of valuable info to bring up your shields.
Messing around with EC2 Instance Metadata Service
To avoid increasing the bill, everything regarding the EC2 Instance Metadata Service can be tested with aws/amazon-ec2-metadata-mock. This tool is quite handy and a great chance to explore new worlds.
Swagger to FFuF (Pipeline)
pasw - Parse Swagger
SCP to prevent creating open Lambda URLs
Prevent people from creating open Lambda URLs and stop possible data leakage or other nasty things.
C2 Auto-Install Bash Script
This script helps to install nice candy onto a C2 server:
Security by Design Principles
Quick collection of useful Security by design principles.
SVG SSRF Cheatsheet
Hosts that process SVG can potentially be vulnerable to SSRF, LFI, XSS or RCE because of the rich feature set of SVG.
tmux Cheatsheet
[MOD = Ctrl-b]
Neo4j Cypher Cheatsheet
Tiny cheat sheet to remember the funky syntax of Cypher.
AWS Security Services Cheatsheet
GuardDuty
Pentesting - Auth bypass headers
Common headers that help to bypass auth issues and HTTP 403 madness:
Google Dorks Cheatsheet
Based on the Google Dorks List it’s time to gather all info at a glance in a cheatsheet. Here we go :)
Google Dorks List & SQLi List
Splunk Cheatsheet
I really don’t like Splunk documentation. Why is it so hard to find out how to do a certain action? So this is a cheatsheet that I constructed to help me quickly gain knowledge that I need.
sqlmap Cheatsheet
Quick write-up and cheat sheet for sqlmap, the automated SQLi and database takeover tool, to speed up HTB/CTFs.
Ultimate Linux Cheatsheet
Tiny but shiny collection of multiple things that can come in handy during stressful situations. Dear ladies and gentlemen, I proudly present the:
Benji's bashrc
Some more or less helpful aliases and helper functions used by me on different machines.
GitHub Dorks Cheatsheet
GitHub Search is a quite powerful and useful feature that can be used to search for sensitive data in repositories. A collection of GitHub dorks can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to be useful for assessing security and performing pen-testing of systems.
Azure Threat Detection
Source: MicrosoftDocs/azure-docs
AWS native Monitoring
Short write-up about native and common AWS monitoring solutions: CloudWatch, X-Ray, and CloudTrail.
AWS - CLI CheatSheet
AWS CLI Cheatsheet
AWS Exposable Resources
NMAP Cheat Sheet
RegEx Cheat Sheet
Give a man a RegEx and he'll parse strings for a function. Teach a man to regex and he'll be stuck in debugging hell for the rest of his life.
Basic OS similar CMDs
Quick write-up of some basic but useful commands for Windows, Linux, and macOS.
GCP Cheat Sheet
Write-up and collection around GCP and some first steps into the Google Cloud.
AWS Cheat Sheet
Amazon Web Services (AWS) CLI Tool Cheatsheet
Azure Cheat Sheet
Microsoft Azure & O365 CLI Tool Cheatsheet
Cloud Tools and Techniques Cheatsheet
GCP CLI Tool Cheatsheet
AWS IAM Privilege Escalation Methods
A collection of IAM privilege escalation methods related to AWS. Source of this memory:
Cloud Provider Cheatsheet
This guide is only representative from my point of view and it may not be accurate; you should go to the official AWS & GCP websites for accurate and detailed information. It's initially inspired by AWS in simple English and GCP for AWS professionals. The idea is to compare both services, give simple one-line explanations and examples with other software that might have similar capabilities.
GitHub search syntax for API Keys/Secrets/Tokens
Cheatsheet that enhances the GitHub dork list to hunt with the GitHub search syntax for leaked API keys, secrets, and tokens. This list isn’t complete but a good starting point.
KinD (Kubernetes in Docker) CheatSheet
kind is a tool for running local Kubernetes clusters using Docker container "nodes".
kind was primarily designed for testing Kubernetes itself, but may be used for local development or CI.
Burp Cheat Sheet
A cheat sheet for the PortSwigger Burp Suite application security testing framework, ranging from hot keys over global settings to the editor.
Bug Bounty Cheat Sheet
A cheat sheet for quick testing related to some of my Bug Bounty activities
AMSI Bypass Cheat Sheet
This cheat sheet contains some Antimalware Scan Interface (AMSI) bypass / avoidance methods, gathered from different blog posts and sources.
Metasploit Cheat Sheet
The Metasploit Project is a computer security project built by Rapid7 that provides information on vulnerabilities and exploits, and helps in the development and execution of penetration tests and IDS signatures.
Nim Cheatsheet
Nim is a powerful, efficient, and expressive programming language known for its speed and flexibility. In this Nim cheatsheet, you’ll find a concise reference guide covering essential syntax, data types, control structures, and commonly used commands.
k9s Cheat Sheet
k9s is a lightweight tool that provides a powerful and user-friendly interface for managing and monitoring Kubernetes clusters. It makes it easy to list, filter, and view resources, as well as describe, edit, scale, and delete them. Plus, you can use k9s to port forward to pods, benchmark them, and check resources with the same name across different API groups. You can even customize log settings and install plugins to add new functionality.
Tunneling/Port Forwarding Cheat Sheet
This cheat sheet contains known and common techniques for port forwarding and tunneling that we often use during engagements. Source: twelvesec/port-forwarding