Domain overview
This domain focuses on AWS, Azure and GCP, with attention to IaaS, PaaS, SaaS-connected workflows, identity provider coupling, CI/CD trust, infrastructure-as-code (IaC) drift, container escape paths and Kubernetes control surfaces. The aim is to move from raw cloud inventory toward clear offensive questions: who can assume what, which service can mint or forward trust, where secrets live, and which automation path can be turned into durable access.
How to approach this surface
- Identity-first thinking: enumerate roles, service accounts, app registrations, federation points and token issuance paths before obsessing over individual compute instances.
- Control-plane abuse: cloud management APIs often matter more than a single VM because they can create, snapshot, attach, redeploy or exfiltrate at scale.
- Automation drift: CI/CD, IaC and GitOps pipelines frequently hold the quietest but most scalable route to privilege expansion.
- Container and Kubernetes pressure: namespace assumptions, secret mounting, admission gaps, node trust and exposed dashboards often become the bridge from workload to cluster influence.
- SaaS adjacency: a cloud estate is rarely isolated; identity, mail, file-sharing and ticketing systems often inherit trust from the same provider backbone.
Related certification and framework context
- OffSec SEC-588 / Cloud Security: cloud-native attack paths, automation abuse and defensive context.
- OffSec PEN-200 / OSCP+: useful when cloud edges still terminate into classic internal attack paths.
- MITRE ATT&CK Cloud Matrix: cloud-specific adversary techniques, identities and service abuse paths.
Curated public references
- AWS IAM Documentation: policies, principals, role assumption and trust policy behaviour.
- Microsoft Learn · Entra ID: identity provider and cloud control guidance across Microsoft estates.
- Google Cloud IAM: bindings, service accounts and permission inheritance.
- Kubernetes Documentation: control-plane objects, RBAC, admission and workload operations.
- OWASP Kubernetes Top Ten: common cloud-native and container orchestration failure patterns.
Brief index
- Cloud Control-Plane Abuse: abusing management APIs, role assumption, snapshots, metadata paths and orchestration privileges.
- Kubernetes and Container Escape Paths: namespace, runtime, secret, admission and node-trust weaknesses that turn workloads into wider control.
- Cloud Identity and SaaS Trust: where IdP, SaaS and provider-side trust blur into one offensive graph.
- IaC, Pipelines and Cloud Drift: how Terraform, ARM/Bicep, CloudFormation and CI workflows become cloud attack paths.
