conducting-cloud-penetration-testing

Featured

This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP cloud environments. It covers understanding the shared responsibility model for testing scope, leveraging cloud-specific attack tools like Pacu and ScoutSuite, exploiting IAM misconfigurations, testing for SSRF to cloud metadata services, and reporting findings aligned to MITRE ATT&CK Cloud matrix.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%

100

Recency 20%

100

Frontmatter 20%

Documentation 15%

100

Issue Health 10%

License 10%

100

Description 5%

100

Skill Content

# Conducting Cloud Penetration Testing ## When to Use - When performing authorized security assessments of cloud environments before production deployment - When validating cloud security controls after a major architectural change or migration - When compliance requirements mandate annual penetration testing of cloud infrastructure - When testing incident response readiness by simulating realistic cloud-based attack scenarios - When assessing lateral movement risk across multi-account or multi-cloud environments **Do not use** for unauthorized testing against cloud accounts, for testing cloud provider infrastructure itself (covered by the shared responsibility model), or for DDoS simulation without explicit cloud provider approval. ## Prerequisites - Written authorization from the cloud account owner and scope definition document - AWS, Azure, or GCP penetration testing policy acknowledgment (AWS no longer requires pre-approval for most services) - Isolated testing account or explicitly scoped production account with breakglass procedures - Cloud-specific offensive tooling installed: Pacu (AWS), ScoutSuite, Prowler, CloudFox - MITRE ATT&CK Cloud matrix for finding classification ## Workflow ### Step 1: Define Scope and Rules of Engagement Establish testing boundaries based on the shared responsibility model. The customer is responsible for testing configurations, IAM policies, application security, and data protection. The cloud provider manages physical infrastructu...

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Integrates with

Google Cloud · Cloud

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Solid

cloud-penetration-testing

This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfigurations", "test O365 security", "extract secrets from cloud environments", or "audit cloud infrastructure". It provides comprehensive techniques for security assessment across major cloud platforms.

27,681 Updated today

davila7

DevOps & Infrastructure Solid

cloud-penetration-testing

4,215 Updated today

zebbern

DevOps & Infrastructure Listed

cloud-penetration-testing

335 Updated today

aiskillstore

DevOps & Infrastructure Featured

cloud-penetration-testing

Conduct comprehensive security assessments of cloud infrastructure across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

39,227 Updated today

sickn33

Testing & QA Solid

cloud-security-testing

Multi-cloud security assessment and penetration testing capabilities. Execute Prowler/ScoutSuite assessments, analyze IAM policies, identify cloud misconfigurations, test permissions, and enumerate cloud resources across AWS/GCP/Azure.

1,034 Updated today

a5c-ai