Welcome to My Cloud Security Research Lists

The following list is my interesting resources that includes techical articles, labs , e-books for developing my cloud security skills. Please feel free to contribute. : ]

Cloud Security Services & Overview

• CloudSecDocs: is a website collecting and sharing technical notes and knowledge on cloud-native technologies, security, technical leadership, and engineering culture.
• CloudSecList: is the best way to stay on top of the cloud security landscape without having to be overwhelmed by all the noise.

Lab

Pentester Academy : Setup and exploit vulnerabilities over xx scenarios in AWS cloud

• https://attackdefense.com/listing?labtype=cloud-services&subtype=cloud-services-amazon-iam

Cloud Goat : Rhino Security Labs’ “Vulnerable by Design” AWS infrastructure setup tool

• https://github.com/RhinoSecurityLabs/cloudgoat

AWS Sec Workshop : Collection of workshops and other hands-on content aimed at helping you gain an understanding of the AWS service ecosystem.

• https://awssecworkshops.com

Well Architechtedlabs

• https://wellarchitectedlabs.com

DVCA (Damn Vulnerable Cloud Application)

• https://github.com/m6a-UdS/dvca

Flaws.cloud

• http://flaws.cloud
• http://flaws2.cloud

IAM Vulnerable : Useful resources for deploying and exploiting AWS IAM privilege esclation paths.

• https://github.com/BishopFox/iam-vulnerable

E-Book

• Hands on AWS Penetration Testing

Awesome Github

Deep technical guidelines for further study

• Multi-Vendor Cloud Security
  • The 'Cloud' aka Someone's Else's Data Center
• AWS
  • Payload All the things - AWS Pentest
• Azure
  • Official Microsoft's Github which related to Security
  • Payload All the things - Azure Pentest

Pentest My Mapping

• Cloud PenTest - AWS and Azure by Joas

MITRE Attack for Cloud Services

• AWS
  • https://twitter.com/jhencinski/status/1328714145848549376
• Azure
  • Azure AD - Attack and Defense Playbook
• GCP
  • https://www.linkedin.com/feed/update/urn:li:activity:7020990663135539201/

Attacks in Cloud Services

• GCP
  • Google Cloud – Attack OVERVIEW PT1

Tools

• Azure
  • MicroBurst

Cloud Security Workshop

• SANS Workshop – Cloud Application Attacks

Incident Response

• Password Spray Attack Detection by Microsoft
• How to Detect Malicious OAuth Device Code Phishing

Threat Hunting

• Threat Hunting AWS CloudTrail with Sentinel: Part 1

Malware Analysis

• AUTOMATING MALWARE ANALYSIS OPERATIONS ON CLOUD

Cloud Security Governance & Assurance

• Cloud Security Governance & Assurance POV
• Cloud Controls Matrix (CCM)

Cloud Security Assessment

• ScubaGear M365 Secure Configuration Baseline Assessment Tool
• Microsoft Azure Active Directory M365 Minimum Viable Secure Configuration Baseline Draft Version 0.1
• Securing Amazon Web Services by using CIS

Cloud Security Checklists