Merge pull request #124 from JaimePolop/master

File Share, Tables, VM and Network
This commit is contained in:
SirBroccoli
2024-12-20 11:49:36 +01:00
committed by GitHub
6 changed files with 383 additions and 2 deletions


@@ -15,7 +15,7 @@ Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).p
</details>
{% endhint %}
## Table Storage Privesc
## Table Storage Post Exploitation
For more information about table storage check:
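Review bot: the auto-generated anchor changes with this heading rename (`## Table Storage Privesc` to `## Table Storage Post Exploitation`), so any page in the book that still links to the old fragment will land on nothing; grep for references to the old heading and update them in the same PR.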


@@ -150,6 +150,18 @@ az storage blob undelete \
```
{% endcode %}
### Microsoft.Storage/storageAccounts/fileServices/shares/restore/action && Microsoft.Storage/storageAccounts/read
With these permissions, an attacker can restore a deleted Azure file share by specifying its deleted version ID. This privilege escalation could allow an attacker to recover sensitive data that was meant to be permanently deleted, potentially leading to unauthorized access.
{% code overflow="wrap" %}
```bash
az storage share-rm restore \
--storage-account <STORAGE_ACCOUNT_NAME> \
--name <FILE_SHARE_NAME> \
--deleted-version <VERSION>
```
{% endcode %}
## Other interesting looking permissions (TODO)
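Review bot: the new section calls restoring a soft-deleted share a "privilege escalation", but nothing in it grants extra rights; it is data recovery with permissions the principal already holds, which is exactly the "Post Exploitation" framing this PR introduces for table storage, so the wording should say that. Two points on the snippet: `--deleted-version <VERSION>` is never explained (the `az storage share-rm list ... --include-deleted` call added to the file-share enumeration in this same PR is where it comes from, so a one-line pointer would help), and the restore only succeeds while the share is still inside the file service's soft-delete retention window, which is worth stating as a precondition. Since this is a management-plane call it is recorded in the subscription Activity Log, which is where defenders should look for unexpected share restores.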


@@ -43,6 +43,9 @@ Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).p
## Enumeration
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# Get storage accounts
@@ -50,6 +53,7 @@ az storage account list #Get the account name from here
# List file shares
az storage share list --account-name <name>
az storage share-rm list --storage-account <name> # To see the deleted ones too --include-deleted
# Get dirs/files inside the share
az storage file list --account-name <name> --share-name <share-name>
## If type is "dir", you can continue enumerating files inside of it
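Review bot: on the `az storage share-rm list` line the `--include-deleted` flag sits after the `#` comment marker, so anyone pasting the command gets a listing without deleted shares and may conclude there are none. Put the flag on the command itself or show the two variants on separate lines, e.g.
`az storage share-rm list --storage-account <name> --include-deleted # deleted shares too`.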
@@ -65,6 +69,33 @@ az storage file list --account-name <name> --share-name <share-name> --snapshot
az storage file download-batch -d . --account-name <name> --source <share-name> --snapshot <snapshot-version>
```
{% endcode %}
{% endtab %}
{% tab title="Az PowerShell" %}
{% code overflow="wrap" %}
```powershell
Get-AzStorageAccount
# List File Shares
Get-AzStorageShare -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context
# Get Directories/Files Inside the Share
Get-AzStorageFile -ShareName "<share-name>" -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context
Get-AzStorageFile -ShareName "<share-name>" -Path "<share-directory-path>" -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context
# Download a Complete Share
Get-AzStorageFileContent -ShareName "<share-name>" -Destination "C:\Download" -Path "<share-directory-path>" -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context
# Get Snapshots/Backups
Get-AzStorageShare -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context | Where-Object { $_.SnapshotTime -ne $null }
# List Contents of a Snapshot/Backup
Get-AzStorageFile -ShareName "<share-name>" -Context (New-AzStorageContext -StorageAccountName "<storage-account-name>" -StorageAccountKey (Get-AzStorageAccountKey -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>" | Select-Object -ExpandProperty Value) -SnapshotTime "<snapshot-version>")
```
{% endcode %}
{% endtab %}
{% endtabs %}
{% hint style="info" %}
By default `az` cli will use an account key to sign a key and perform the action. To use the Entra ID principal privileges use the parameters `--auth-mode login --enable-file-backup-request-intent`.
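Review bot: in the last command `-SnapshotTime` is passed to `New-AzStorageContext`, which has no such parameter, so the cmdlet will reject it. Snapshot selection belongs on `Get-AzStorageShare` (e.g. `Get-AzStorageShare -Name "<share-name>" -SnapshotTime "<snapshot-version>" -Context $ctx`), and the returned share object can then be handed to `Get-AzStorageFile -Share`. The comment `# Download a Complete Share` also overstates what `Get-AzStorageFileContent` does: it downloads the single file named by `-Path`, so a whole share needs a `Get-AzStorageFile` listing and a loop. Minor: the tab is titled `Az PowerShell` here but `PowerShell` in the other files of this PR, and building the context inline six times makes every line hard to read; a `$ctx = (Get-AzStorageAccount ...).Context` assignment at the top would shorten all of them.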


@@ -41,6 +41,9 @@ There **isn't built-in backup mechanism** for table storage.
## Enumeration
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# Get storage accounts
az storage account list
@@ -72,6 +75,20 @@ az storage entity merge \
--table-name mytable \
--entity PartitionKey=pk1 RowKey=rk1 Age=31
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# Get storage accounts
Get-AzStorageAccount
# List tables
Get-AzStorageTable -Context (Get-AzStorageAccount -Name <mystorageaccount> -ResourceGroupName <ResourceGroupName>).Context
```
{% endcode %}
{% endtab %}
{% endtabs %}
{% hint style="info" %}
By default `az` cli will use an account key to sign a key and perform the action. To use the Entra ID principal privileges use the parameters `--auth-mode login`.
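Review bot: the new PowerShell tab only lists tables, while the `az cli` tab it mirrors goes on to query, insert and merge entities (`az storage entity merge ...` is the last visible context line). Either add the entity-level equivalents (the separate `AzTable` module provides `Get-AzTableRow` for queries) or state that the Az modules alone do not cover entities, so readers do not assume the PowerShell path is complete.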


@@ -66,6 +66,9 @@ Azure Virtual Machines (VMs) are flexible, on-demand **cloud-based servers that
* It's possible to **generate a SAS URI** (of max 60days) to **export the disk**, which can be configured to require authentication or not
* Same in snapshots
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List all disks
az disk list --output table
@@ -73,6 +76,21 @@ az disk list --output table
# Get info about a disk
az disk show --name <disk-name> --resource-group <rsc-group>
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List all disks
Get-AzDisk
# Get info about a disk
Get-AzDisk -Name <DiskName> -ResourceGroupName <ResourceGroupName>
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Images, Gallery Images & Restore points
@@ -81,6 +99,9 @@ Images can be managed in the **Images section** of Azure or inside **Azure compu
A **restore point** stores the VM configuration and **point-in-time** application-consistent **snapshots of all the managed disks** attached to the VM. It's related to the VM and its purpose is to be able to restore that VM to how it was in that specific point in it.
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# Shared Image Galleries | Compute Galleries
## List all galleries and get info about one
@@ -112,6 +133,36 @@ az image list --output table
az restore-point collection list-all --output table
az restore-point collection show --collection-name <collection-name> --resource-group <rsc-group>
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
## List all galleries and get info about one
Get-AzGallery
Get-AzGallery -Name <GalleryName> -ResourceGroupName <ResourceGroupName>
## List all image definitions in a gallery and get info about one
Get-AzGalleryImageDefinition -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName>
Get-AzGalleryImageDefinition -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName> -Name <ImageDefinitionName>
## List all the versions of an image definition in a gallery
Get-AzGalleryImageVersion -GalleryImageDefinitionName <ImageName> -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName>
## List all VM applications inside a gallery
Get-AzGalleryApplication -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName>
# Images
# List all managed images in your subscription
Get-AzImage -Name <ResourceName> -ResourceGroupName <ResourceGroupName>
# Restore points
## List all restore points and get info about 1
Get-AzRestorePointCollection -Name <CollectionName> -ResourceGroupName <ResourceGroupName>
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Site Recovery
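Review bot: the comments and commands disagree in the `# Images` and `# Restore points` parts. `# List all managed images in your subscription` is followed by `Get-AzImage -Name <ResourceName> -ResourceGroupName <ResourceGroupName>`, which returns a single image (a bare `Get-AzImage` lists them all; the documented parameter is `-ImageName`, so check that `-Name` resolves), and `## List all restore points and get info about 1` gives only the single-collection form while the az tab has both `list-all` and `show`. Two smaller things: the placeholder in `Get-AzGalleryImageVersion -GalleryImageDefinitionName <ImageName>` should be `<ImageDefinitionName>` to match the two lines above it, and this block is repeated almost verbatim in the `Az PS` tab later in the same file, so one copy could point at the other instead.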
@@ -125,6 +176,8 @@ The Bastion deploys a subnet called **`AzureBastionSubnet`** with a `/26` netmas
To list all Azure Bastion Hosts in your subscription and connect to VMs through them, you can use the following commands:
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List bastions
@@ -149,6 +202,16 @@ az network bastion rdp \
--password <VM_PASSWORD>
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List bastions
Get-AzBastion
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Metadata
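Review bot: the PowerShell tab stops at `Get-AzBastion`, whereas the az tab beside it also covers the per-host connection commands (`az network bastion rdp ...` is the visible context), so the two tabs are not equivalent; either say the connection step is CLI-only or add the Az equivalent.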
@@ -302,7 +365,6 @@ az vm run-command list --output table
```
{% endcode %}
{% endtab %}
{% tab title="Az PS" %}
```powershell
# Get readable VMs
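Review bot: the line dropped between `{% tab title="Az PS" %}` and the ```powershell fence (7 lines become 6) is, judging by every other tab in this PR, the `{% code overflow="wrap" %}` opener, yet `{% endcode %}` still closes that block in the later hunk of this file. If so the GitBook tags are now unbalanced and the page will not render; either restore the opener or remove the matching `{% endcode %}`.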
@@ -321,7 +383,79 @@ Get-AzVMExtension -ResourceGroupName <res_group_name> -VMName <name>
Get-AzVM | select -ExpandProperty NetworkProfile # Get name of network connector of VM
Get-AzNetworkInterface -Name <name> # Get info of network connector (like IP)
# Disks
## List all disks and get info about one
Get-AzDisk
Get-AzDisk -Name <DiskName> -ResourceGroupName <ResourceGroupName>
# Snapshots
## List all galleries abd get info about one
Get-AzGallery
Get-AzGallery -Name <GalleryName> -ResourceGroupName <ResourceGroupName>
## List all snapshots and get info about one
Get-AzSnapshot
Get-AzSnapshot -Name <SnapshotName> -ResourceGroupName <ResourceGroupName>
## List all image definitions in a gallery and get info about one
Get-AzGalleryImageDefinition -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName>
Get-AzGalleryImageDefinition -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName> -Name <ImageDefinitionName>
## List all the versions of an image definition in a gallery
Get-AzGalleryImageVersion -GalleryImageDefinitionName <ImageName> -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName>
## List all VM applications inside a gallery
Get-AzGalleryApplication -GalleryName <GalleryName> -ResourceGroupName <ResourceGroupName>
# Images
# List all managed images in your subscription
Get-AzImage -Name <ResourceName> -ResourceGroupName <ResourceGroupName>
# Restore points
## List all restore points and get info about 1
Get-AzRestorePointCollection -Name <CollectionName> -ResourceGroupName <ResourceGroupName>
# Bastion
## List bastions
Get-AzBastion
# Network
## List all VNets in your subscription
Get-AzVirtualNetwork
## List VNet peering connections for a given VNet
(Get-AzVirtualNetwork -ResourceGroupName <ResourceGroupName> -Name <VNetName>).VirtualNetworkPeerings
## List Shared Resources (e.g., Azure Firewall) in the Hub
Get-AzFirewall
## List VPN Gateways
Get-AzVirtualNetworkGateway -ResourceGroupName <ResourceGroupName>
## List VPN Connections
Get-AzVirtualNetworkGatewayConnection -ResourceGroupName <ResourceGroupName>
## List ExpressRoute Circuits
Get-AzExpressRouteCircuit
# Misc
## List all virtual machine scale sets
Get-AzVmss
## List all availability sets
Get-AzAvailabilitySet
## List all load balancers
Get-AzLoadBalancer
## List all storage accounts
Get-AzStorageAccount
## List all custom script extensions on a specific VM
Get-AzVMExtension -VMName <VmName> -ResourceGroupName <ResourceGroupName>
```
{% endcode %}
{% endtab %}
{% endtabs %}
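Review bot: the `# Snapshots` group is mislabelled: it opens with the gallery commands (`Get-AzGallery ...`), only then lists `Get-AzSnapshot`, and keeps the image-definition and image-version cmdlets under the same heading, so the gallery lines should move under their own `# Galleries` heading (and `abd` in `## List all galleries abd get info about one` is a typo for `and`). As in the Images section, `# List all managed images in your subscription` is paired with `Get-AzImage -Name ...`, which fetches one image, and `## List all restore points` with the single-collection `Get-AzRestorePointCollection -Name ...` form. Most of this block (galleries, images, restore points, bastion, VNets, firewall, VPN, ExpressRoute) duplicates the per-topic tabs added elsewhere in this PR; keeping a single copy and linking to it avoids the two drifting apart.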
@@ -337,6 +471,9 @@ The required permission is **`Microsoft.Compute/virtualMachines/extensions/write
It's possible to list all the available extensions with:
{% tabs %}
{% tab title="Az Cli" %}
{% code overflow="wrap" %}
```bash
# It takes some mins to run
az vm extension image list --output table
@@ -344,6 +481,18 @@ az vm extension image list --output table
# Get extensions by publisher
az vm extension image list --publisher "Site24x7" --output table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# It takes some mins to run
Get-AzVMExtensionImage -Location <Location> -PublisherName <PublisherName> -Type <Type>
```
{% endcode %}
{% endtab %}
{% endtabs %}
It's possible to **run custom extensions that runs custom code**:
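Review bot: `Get-AzVMExtensionImage -Location <Location> -PublisherName <PublisherName> -Type <Type>` is not equivalent to `az vm extension image list`: all three parameters are mandatory, so it returns the versions of one extension type rather than enumerating the catalogue, and the copied `# It takes some mins to run` comment no longer applies. To actually list, walk the hierarchy: `Get-AzVMImagePublisher -Location <Location>`, then `Get-AzVMExtensionImageType -Location <Location> -PublisherName <PublisherName>`, then the cmdlet shown; a publisher-filtered variant mirroring the az `--publisher "Site24x7"` line would also keep the two tabs in step.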


@@ -37,6 +37,8 @@ By default all subnets within the same Azure Virtual Network (VNet) **can commun
To list all the VNets and subnets in an Azure account, you can use the Azure Command-Line Interface (CLI). Here are the steps:
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List VNets
@@ -46,6 +48,21 @@ az network vnet list --query "[].{name:name, location:location, addressSpace:add
az network vnet subnet list --resource-group <ResourceGroupName> --vnet-name <VNetName> --query "[].{name:name, addressPrefix:addressPrefix}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List VNets
Get-AzVirtualNetwork | Select-Object Name, Location, @{Name="AddressSpace"; Expression={$_.AddressSpace.AddressPrefixes}}
# List subnets of a VNet
Get-AzVirtualNetwork -ResourceGroupName <ResourceGroupName> -Name <VNetName> |
Select-Object -ExpandProperty Subnets |
Select-Object Name, AddressPrefix
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Network Security Groups (NSG)
@@ -60,6 +77,8 @@ NSGs can be associated to **subnets and NICs.**
### Enumeration
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List NSGs
@@ -73,7 +92,23 @@ az network nsg rule list --nsg-name <NSGName> --resource-group <ResourceGroupNam
az network nsg show --name MyLowCostVM-nsg --resource-group Resource_Group_1 --query "{subnets: subnets, networkInterfaces: networkInterfaces}"
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List NSGs
Get-AzNetworkSecurityGroup | Select-Object Name, Location
Get-AzNetworkSecurityGroup -Name <NSGName> -ResourceGroupName <ResourceGroupName>
# Get NSG rules
(Get-AzNetworkSecurityGroup -ResourceGroupName <NSGName> -Name <ResourceGroupName>).SecurityRules
# Get NICs and subnets using this NSG
(Get-AzNetworkSecurityGroup -Name <NSGName> -ResourceGroupName <ResourceGroupName>).Subnets
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Firewall
Azure Firewall is a **managed network security service** in Azure that protects cloud resources by inspecting and controlling traffic. It is a **stateful firewall** that filters traffic based on rules for Layers 3 to 7, supporting communication both **within Azure** (east-west traffic) and **to/from external networks** (north-south traffic). Deployed at the **Virtual Network (VNet) level**, it provides centralized protection for all subnets in the VNet. Azure Firewall automatically scales to handle traffic demands and ensures high availability without requiring manual setup.
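Review bot: `(Get-AzNetworkSecurityGroup -ResourceGroupName <NSGName> -Name <ResourceGroupName>).SecurityRules` has the two placeholders swapped; it should read `-Name <NSGName> -ResourceGroupName <ResourceGroupName>` like the lines above and below it. The comment `# Get NICs and subnets using this NSG` is also only half implemented: `.Subnets` gives the subnet associations, while NIC associations live in the `.NetworkInterfaces` property, so add that line (the az tab queries both `subnets` and `networkInterfaces`). Note that `.SecurityRules` holds only the custom rules; the built-in allow/deny rules are in `.DefaultSecurityRules`, which matter when reasoning about what is actually reachable.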
@@ -92,6 +127,8 @@ It is available in three SKUs—**Basic**, **Standard**, and **Premium**, each t
### Enumeration
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List Azure Firewalls
@@ -107,6 +144,25 @@ az network firewall application-rule collection list --firewall-name <FirewallNa
az network firewall nat-rule collection list --firewall-name <FirewallName> --resource-group <ResourceGroupName> --query "[].{name:name, rules:rules}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List Azure Firewalls
Get-AzFirewall
# Get network rules of a firewall
(Get-AzFirewall -Name <FirewallName> -ResourceGroupName <ResourceGroupName>).NetworkRuleCollections
# Get application rules of a firewall
(Get-AzFirewall -Name <FirewallName> -ResourceGroupName <ResourceGroupName>).ApplicationRuleCollections
# Get nat rules of a firewall
(Get-AzFirewall -Name <FirewallName> -ResourceGroupName <ResourceGroupName>).NatRuleCollections
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Route Tables
@@ -116,6 +172,8 @@ Azure **Route Tables** are used to control the routing of network traffic within
### **Enumeration**
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List Route Tables
@@ -125,7 +183,19 @@ az network route-table list --query "[].{name:name, resourceGroup:resourceGroup,
az network route-table route list --route-table-name <RouteTableName> --resource-group <ResourceGroupName> --query "[].{name:name, addressPrefix:addressPrefix, nextHopType:nextHopType, nextHopIpAddress:nextHopIpAddress}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List Route Tables
Get-AzRouteTable
# List routes for a table
(Get-AzRouteTable -Name <RouteTableName> -ResourceGroupName <ResourceGroupName>).Routes
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Private Link
Azure Private Link is a service in Azure that **enables private access to Azure services** by ensuring that **traffic between your Azure virtual network (VNet) and the service travels entirely within Microsoft's Azure backbone network**. It effectively brings the service into your VNet. This setup enhances security by not exposing the data to the public internet.
@@ -142,6 +212,8 @@ Consider a scenario where you have an **Azure SQL Database that you want to acce
### **Enumeration**
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List Private Link Services
@@ -151,6 +223,19 @@ az network private-link-service list --query "[].{name:name, location:location,
az network private-endpoint list --query "[].{name:name, location:location, resourceGroup:resourceGroup, privateLinkServiceConnections:privateLinkServiceConnections}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List Private Link Services
Get-AzPrivateLinkService | Select-Object Name, Location, ResourceGroupName
# List Private Endpoints
Get-AzPrivateEndpoint | Select-Object Name, Location, ResourceGroupName, PrivateEndpointConnections
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Service Endpoints
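Review bot: `Select-Object ... PrivateEndpointConnections` on the `Get-AzPrivateEndpoint` output produces a silently empty column, because the private-endpoint object exposes its connections as `PrivateLinkServiceConnections` (plus `ManualPrivateLinkServiceConnections`), the same name the az tab queries as `privateLinkServiceConnections`; use that property, ideally expanded so the target resource id is shown rather than the object type name.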
@@ -162,6 +247,8 @@ For instance, an **Azure Storage** account by default is accessible over the pub
### **Enumeration**
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List Virtual Networks with Service Endpoints
@@ -171,6 +258,19 @@ az network vnet list --query "[].{name:name, location:location, serviceEndpoints
az network vnet subnet list --resource-group <ResourceGroupName> --vnet-name <VNetName> --query "[].{name:name, serviceEndpoints:serviceEndpoints}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List Virtual Networks with Service Endpoints
Get-AzVirtualNetwork
# List Subnets with Service Endpoints
(Get-AzVirtualNetwork -ResourceGroupName <ResourceGroupName> -Name <VNetName>).Subnets
```
{% endcode %}
{% endtab %}
{% endtabs %}
### Differences Between Service Endpoints and Private Links
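Review bot: neither command here filters on or displays service endpoints, so `# List Virtual Networks with Service Endpoints` and `# List Subnets with Service Endpoints` promise more than the output shows (the az tab at least projects `serviceEndpoints`). Service endpoints are a subnet property, so the VNet-level line cannot show them without drilling into `.Subnets`; project and filter there, e.g. `(Get-AzVirtualNetwork ...).Subnets | Where-Object { $_.ServiceEndpoints } | Select-Object Name, @{n='ServiceEndpoints';e={$_.ServiceEndpoints.Service}}`.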
@@ -208,6 +308,8 @@ Imagine you have a globally distributed application with users all around the wo
### Enumeration
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List Azure Front Door Instances
@@ -217,6 +319,19 @@ az network front-door list --query "[].{name:name, resourceGroup:resourceGroup,
az network front-door waf-policy list --query "[].{name:name, resourceGroup:resourceGroup, location:location}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List Azure Front Door Instances
Get-AzFrontDoor
# List Front Door WAF Policies
Get-AzFrontDoorWafPolicy -Name <policyName> -ResourceGroupName <resourceGroupName>
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Application Gateway and Azure Application Gateway WAF
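Review bot: `Get-AzFrontDoorWafPolicy -Name <policyName> -ResourceGroupName <resourceGroupName>` returns one policy, which does not match the comment `# List Front Door WAF Policies` or the az tab's `waf-policy list`; dropping `-Name` lists every policy in the resource group. Because the cmdlet is resource-group scoped, covering the whole subscription as the az line does means looping over `Get-AzResourceGroup`.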
@@ -229,12 +344,24 @@ And **protect your website from attacks using the WAF capabilities.**
### **Enumeration**
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List the Web Application Firewall configurations for your Application Gateways
az network application-gateway waf-config list --gateway-name <AppGatewayName> --resource-group <ResourceGroupName> --query "[].{name:name, firewallMode:firewallMode, ruleSetType:ruleSetType, ruleSetVersion:ruleSetVersion}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List the Web Application Firewall configurations for your Application Gateways
(Get-AzApplicationGateway -Name <AppGatewayName> -ResourceGroupName <ResourceGroupName>).WebApplicationFirewallConfiguration
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure Hub, Spoke & VNet Peering
@@ -253,6 +380,8 @@ Imagine a company with separate departments like Sales, HR, and Development, **e
### Enumeration
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List all VNets in your subscription
@@ -265,6 +394,22 @@ az network vnet peering list --resource-group <ResourceGroupName> --vnet-name <V
az network firewall list --query "[].{name:name, location:location, resourceGroup:resourceGroup}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List all VNets in your subscription
Get-AzVirtualNetwork
# List VNet peering connections for a given VNet
(Get-AzVirtualNetwork -ResourceGroupName <ResourceGroupName> -Name <VNetName>).VirtualNetworkPeerings
# List Shared Resources (e.g., Azure Firewall) in the Hub
Get-AzFirewall
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Site-to-Site VPN
@@ -276,6 +421,8 @@ A business with its main office located in New York has an on-premises data cent
### **Enumeration**
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List VPN Gateways
@@ -285,6 +432,19 @@ az network vnet-gateway list --query "[].{name:name, location:location, resource
az network vpn-connection list --gateway-name <VpnGatewayName> --resource-group <ResourceGroupName> --query "[].{name:name, connectionType:connectionType, connectionStatus:connectionStatus}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List VPN Gateways
Get-AzVirtualNetworkGateway -ResourceGroupName <ResourceGroupName>
# List VPN Connections
Get-AzVirtualNetworkGatewayConnection -ResourceGroupName <ResourceGroupName>
```
{% endcode %}
{% endtab %}
{% endtabs %}
## Azure ExpressRoute
@@ -296,12 +456,24 @@ A multinational corporation requires a **consistent and reliable connection to i
### **Enumeration**
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List ExpressRoute Circuits
az network express-route list --query "[].{name:name, location:location, resourceGroup:resourceGroup, serviceProviderName:serviceProviderName, peeringLocation:peeringLocation}" -o table
```
{% endcode %}
{% endtab %}
{% tab title="PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List ExpressRoute Circuits
Get-AzExpressRouteCircuit
```
{% endcode %}
{% endtab %}
{% endtabs %}
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\