Releases: Hacking-the-Cloud/hackingthe.cloud
v2.4.14
What's Changed
- Added Bluesky link by @Frichetten in #425
- Remove Broken Link in Domain Takeover by @cbztech in #427
- Added AWS CLI Tips and Tricks article by @Frichetten in #428
- Updated the GuardDuty Pentest finding bypass article by @Frichetten in #429
- Update guardduty-pentest.md by @Frichetten in #430
- Fix author image in connection tracking article by @Frichetten in #431
- Update block-expensive-actions-with-scps.md by @Frichetten in #432
- Update block-expensive-actions-with-scps.md by @Frichetten in #433
- Downloaded all researcher images locally so the links don't get broken by @Frichetten in #435
- Remove unnecessary redirects for the blog pages by @Frichetten in #436
- Update/socials by @Frichetten in #437
- new: playbook exploit public resources by @saw-your-packet in #439
- Update exploting_public_resources_attack_playbook.md by @Frichetten in #440
- update(ssm_run_command): advanced attacks by @saw-your-packet in #441
- new: terraform cloud OIDC exploitation by @saw-your-packet in #442
- update: Add cloud-boothook tip for user data by @ramimac in #443
- Added 2024 wrap up blog post by @Frichetten in #445
New Contributors
- @cbztech made their first contribution in #427
- @saw-your-packet made their first contribution in #439
Full Changelog: v2.4.13...v2.4.14
v2.4.13
What's Changed
- Added block expensive AWS API actions with SCPs article by @Frichetten in #406
- Update block-expensive-actions-with-scps.md by @Frichetten in #407
- Add precision regarding who can assume the role by @adraelll in #411
- Add Amplify vuln article by @Frichetten in #410
- Update exploit_amplify_vulnerability_in_same_account_scenario.md by @Frichetten in #412
- Update exploit_amplify_vulnerability_in_same_account_scenario.md by @Frichetten in #413
- Updated Lambda exploitation article by @Frichetten in #414
- Update exploit_amplify_vulnerability_in_same_account_scenario.md by @Frichetten in #415
- Added content on the GitLab OIDC article by @Frichetten in #420
- Added documentation for Azure Run Commands by @lsass-exe in #423
New Contributors
- @adraelll made their first contribution in #411
- @lsass-exe made their first contribution in #423
Full Changelog: v2.4.12...v2.4.13
v2.4.12
What's Changed
- Added cards to Azure pages by @Frichetten in #382
- Standardized required iam permissions icons by @Frichetten in #383
- Added alt tag to all profile images by @Frichetten in #384
- Fixed bad link in enumerate_principal_arn_from_unique_id.md by @pranavpudasaini in #385
- Fixed references to internal links and images by @Frichetten in #386
- Updated GitHub Actions cache to v4 by @Frichetten in #387
- Cloned all images locally by @Frichetten in #393
- Account ID Operational Security Update by @mosesrenegade in #395
- Enumerate root email address from AWS Console by @cloud-aware in #398
- fix typo by @EduardSchwarzkopf in #399
- Add article about finding secrets in public AMIs by @EduardSchwarzkopf in #400
- Update CONTRIBUTING.md by @Frichetten in #401
- Fix: Spelling and grammar for abusing managed identities page by @stormheartfox in #402
- Add Enumeration for ALL services for GCP by @WebbinRoot in #404
- Made some minor tweaks to the recent gcp enumeration article for formatting by @Frichetten in #405
New Contributors
- @pranavpudasaini made their first contribution in #385
- @EduardSchwarzkopf made their first contribution in #399
- @stormheartfox made their first contribution in #402
Full Changelog: v2.4.11...v2.4.12
v2.4.11
What's Changed
- Added reference to aws-lint-iam-policies by @michael-kirchner-at in #346
- Updated get-account-id-from-keys to include Aidan and Tal's research by @Frichetten in #347
- Added cards to route53_modification_privilege_escalation by @Frichetten in #349
- Added card to s3-bucket-replication-exfiltration by @Frichetten in #350
- Added card to get_iam_creds_from_console_session by @Frichetten in #352
- Added card to Intercept SSM Communications by @Frichetten in #353
- Added cards to Lambda Persistence by @Frichetten in #354
- Added cards to user-data-script-persistence and added link to IAM persistence methods article by @Frichetten in #355
- Added cards to run_shell_commands_on_ec2 by @Frichetten in #356
- Added cards to modify-guardduty-config by @Frichetten in #357
- Merged 2 user data priv esc articles into one by @Frichetten in #358
- Added intro to local_ec2_priv_esc_through_user_data by @Frichetten in #359
- Added article on role trust policies with wildcard principal element by @Frichetten in #362
- Update/new branding by @Frichetten in #367
- Fixing the logo for social cards by @Frichetten in #368
- Updated background color of social cards by @Frichetten in #369
- Updated banner image by @Frichetten in #370
- Trying a thinner banner by @Frichetten in #371
- Added new social card layout/style by @Frichetten in #372
- Added an admonition about HackTricks Cloud still plagiarizing people's work by @Frichetten in #373
- Added [Deprecated] to old methods by @Frichetten in #374
- Added smaller favicon by @Frichetten in #375
- Updated HackTricks warning by @Frichetten in #376
- Changed title of Derive a Principal ARN from an AWS Unique Identifier by @Frichetten in #379
- Added cards to stealh_perm_enum by @Frichetten in #380
- Added card to role chain juggling by @Frichetten in #381
New Contributors
- @michael-kirchner-at made their first contribution in #346
Full Changelog: v2.4.10...v2.4.11
v2.4.10
What's Changed
- Updated GitHub Action dependencies by @Frichetten in #306
- Fixed orphaned_cloudfront_or_dns_takeover_via_s3 file name by @Frichetten in #308
- Added Mastodon link to 2023 wrap up by @Frichetten in #309
- Update guardduty-pentest.md by @m4wk in #312
- Added some minor flair to guardduty-pentest.md by @Frichetten in #313
- Added the star count to the 2023 wrap up by @Frichetten in #316
- Updated orphaned_cloudfront_or_dns_takeover_via_s3 to reference the new error by @Frichetten in #319
- Removed the period from the end of the author byline by @Frichetten in #320
- Create FUNDING.yml by @Frichetten in #321
- Removed conflicting content by @Frichetten in #322
- Fixed 404 pages popping up for 2 articles by @Frichetten in #323
- Added card templates to the CONTRIBUTING page by @Frichetten in #325
- Added a code block to the CONTRIBUTING page by @Frichetten in #326
- Added some additional context to the IAM Key Identifiers article and added a card by @Frichetten in #327
- Added card to enum_iam_user_role by @Frichetten in #328
- Added a card to the connection tracking article by @Frichetten in #329
- Added custom background color by @Frichetten in #330
- Revert "Added custom background color" by @Frichetten in #331
- Added better background color handling by @Frichetten in #332
- Added cards to abusing-container-registry by @Frichetten in #333
- Added the Required IAM Permissions card to templates by @Frichetten in #334
- Added card to cognito_identity_pool_excessive_privileges by @Frichetten in #335
- Updated Material for MKDocs dependencies by @Frichetten in #336
- Added card to local-priv-esc-mod-instance-att by @Frichetten in #337
- Added cards to iam_privilege_escalation by @Frichetten in #338
- Added card to cognito_user_self_signup by @Frichetten in #339
- Added the Bypass Cognito Account Enumeration Controls article by @Frichetten in #341
- Update bypass_cognito_user_enumeration_controls.md by @Frichetten in #342
- Update bypass_cognito_user_enumeration_controls.md by @Frichetten in #343
- Update bypass_cognito_user_enumeration_controls.md by @Frichetten in #344
- Update abusing-container-registry.md by @tragulum in #345
New Contributors
Full Changelog: v2.4.9...v2.4.10
v2.4.9
What's Changed
- Update robots.txt by @Frichetten in #289
- Added usage info for SneakyEndpoints by @Frichetten in #292
- Updated the whoami article with a new method by @Frichetten in #295
- Added permalink support for headings by @Frichetten in #298
- Added Aidan's technique to find a principal's ARN from a unique identifier by @Frichetten in #299
- Fix typo in a recent blog post by @aidansteele in #300
- Fixed the order of the Enumerate IAM User/Role article by @Frichetten in #301
- S3 server access logs by @costasko in #303
- Update aws_organizations_defaults.md with new AWS Organizations research by @WebbinRoot in #258
- Added 2023 year-end wrap up by @Frichetten in #305
New Contributors
- @aidansteele made their first contribution in #300
- @costasko made their first contribution in #303
- @WebbinRoot made their first contribution in #258
Full Changelog: v2.4.8...v2.4.9
v2.4.8
What's Changed
- Update get_iam_creds_from_console_session.md by @ramimac in #270
- Removed two unneeded summary headers in articles by @Frichetten in #271
- Added article: Download Tools and Exfiltrate Data with the AWS CLI by @Frichetten in #273
- Added tip to the AWS CLI lolscript article by @Frichetten in #274
- Add IAM privilege escalation techniques regarding deleting or updating IAM permissions boundaries by @delenamalan in #275
- Improved the EC2 SSRF article by @Frichetten in #276
- Add IAM persistence article by @Frichetten in #277
- Create robots.txt by @Frichetten in #281
- Updated the workflow badge by @Frichetten in #282
- Updated the banner to add Mastodon by @Frichetten in #288
- Added an article on using sts:GetFederationToken by @Frichetten in #287
New Contributors
- @ramimac made their first contribution in #270
- @delenamalan made their first contribution in #275
Full Changelog: v2.4.7...v2.4.8
v2.4.7
What's Changed
- Autoscaling Technique by @gonda-praetorian in #262
- Updated references with grid cards for dangling subdomain article by @Frichetten in #264
- Fixed some formatting issues with the orphaned CloudFront grid cards by @Frichetten in #265
- Updated dev Dockerfile by @Frichetten in #267
- Added two new concepts to AWS exploitation associated with Amazon Cognito. by @righteousgambit in #269
New Contributors
- @gonda-praetorian made their first contribution in #262
Full Changelog: v2.4.6...v2.4.7
v2.4.6
What's Changed
- Update s3_streaming_copy.md by @houey in #247
- Updated image for CI/CDon't by @Frichetten in #248
- Update s3_streaming_copy.md by @houey in #249
- Added technique seen in the wild flag to create console session by @Frichetten in #250
- Updated CONTRIBUTING with information on cards by @Frichetten in #251
- Removed the note about aws_consoler by @Frichetten in #252
- Updated the guidance in this particular page on console access. by @mosesrenegade in #253
- Reformat the Create a Console Session from IAM Credentials page by @Frichetten in #254
- Add Technique Seen in the Wild card for Steal IAM Credentials and Event Data from Lambda by @Frichetten in #256
- s3-account-search works now by @benbridts in #259
- Updates to Enumeration Modules for Big 3 cloud providers. by @righteousgambit in #260
- Fix extra toc's that were added by @Frichetten in #261
New Contributors
- @benbridts made their first contribution in #259
Full Changelog: v2.4.5...v2.4.6
v2.4.5
What's Changed
- Removed winter theming by @Frichetten in #233
- Demoing info cards at the top of an article by @Frichetten in #235
- Changed the project License by @Frichetten in #236
- Enumerate AWS root account ID from AWS Console by @Skullduggeryism in #237
- Fixed the missing page edit button by @Frichetten in #238
- Fix the missing title issue by @Frichetten in #239
- Fixed a weird bug where the title would disappear on pages without a # by @Frichetten in #240
- Fixed more missing titles in articles by @Frichetten in #241
- Added Bucket Replication Page by @bleemb in #242
- updating some typos and mentioning domain-protect by @houey in #245
- Create s3_streaming_copy by @houey in #246
New Contributors
- @Skullduggeryism made their first contribution in #237
Full Changelog: v2.4.4...v2.4.5