Cloud | writeups.xyz

Title	Vulnerabilities	Programs	Authors
The Deputy Is Confused About AWS Security Hub	Confused Deputy Information Disclosure Cloud	AWS	Daniel Grzelak (@Dagrz)
38TB of data accidentally exposed by Microsoft AI researchers	Cloud Broken Authorization	Microsoft	Hillai Ben-Sasson (@Hillai) Ronny Greenberg
Hijacking Someone Else’s DCSync	Post-Exploitation Active Directory Azure AD Cloud	Microsoft	Anthony Larcher-Gore (@Nullg0re)
SAMLjacking a poisoned tenant	SAMLjacking SAML SSO OAuth Supply Chain Attack Cloud	Undisclosed	Luke Jennings
What the Function: Decrypting Azure Function App Keys	Cloud	Microsoft (Azure)	Thomas Elling
No keys attached: Exploring GitHub-to-AWS keyless authentication flaws	OIDC CI/CD Cloud Account Takeover	UK Cabinet Office	Christophe Tafani-Dereeper (@Christophetd)
Hijacking Cloud CI/CD Systems for Fun and Profit	Cloud CI/CD Repojacking	Google (GCP) AWS Microsoft (Azure)	Divyanshu (@Gh0st_r1d3r_0x9)
Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack	Cloud Privilege Escalation	Google	Roi Nisimi (@Roinisimi)
Absuing Amazon VPC CNI Plugin For Kubernetes	Kubernetes Privilege Escalation Cloud	Undisclosed	Beme Carnpbell (@BerneCampbell)
AWS CodeBuild + S3 == Privilege Escalation	Cloud Privilege Escalation	Undisclosed	Paolo Cavaglià (@Paupu_95)
Sometimes What Sounds Benign Can Bite You: An Unexpected Implication of Lambda Privileges	Cloud Privilege Escalation	AWS	Ermetic Team
How Abusing AWS CloudFormation Led to a Total Takeover of an AWS Environment	Cloud Information Disclosure Privilege Escalation Account Takeover	Undisclosed	Matthew Keeley (@Nightbanes)
Gaps in Azure Service Fabric’s Security Call for User Vigilance	Cloud Security Misconfiguration	Undisclosed	David Fiser
Spotted: How we discovered Privilege Escalation, missing CloudTrail data and a race condition in AWS Directory Service	Cloud Privilege Escalation Race Condition	AWS	Ben Bridts (@Benbridts)
GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure	Cloud Privilege Escalation	Google (GCP)	Ofir Balassiano (@Ofir_balassiano) Ofir Shaty (@Nu11p01Nt)
Unintended Path to Exam Domination - AWS EC2 Meta-Data	Cloud Privilege Escalation	Undisclosed	Dr. Michael Gschwender (@Rootcathacking)
Tampering with Conditional Access Policies Using Azure AD Graph API	Cloud Privilege Escalation	Microsoft (Azure)	Secureworks Counter Threat Unit (@Secureworks)
From GitHub To Account Takeover: Misconfigured Actions Place GCP & AWS Accounts At Risk	Account Takeover Cloud OIDC CI/CD	Undisclosed	Rezonate
When Good APIs Go Bad: Uncovering 3 Azure API Management Vulnerabilities	SSRF Unrestricted File Upload Path Traversal Cloud	Microsoft (Azure)	Liv Matan (@TerminatorLM)
Exploiting misconfigured Google Cloud Service Accounts from GitHub Actions	OIDC Cloud CI/CD	Undisclosed	Revblock (@Revbl0ck)
Securing Databricks cluster init scripts	Privilege Escalation Cloud	Databricks	Elia Florio Florian Roth (@Cyb3rops) Marius Bartholdy
AWS Identity Center (formerly known as AWS SSO): A Guide to Privilege Escalation and Identity and Access Management	Privilege Escalation Cloud	AWS	Jason Kao
GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts	Cloud OAuth Authorization Bypass	Google (GCP)	Astrix Security (@AstrixSecurity)
#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services	Cloud RCE Container Escape Kubernetes Privilege Escalation Lateral Movement Supply Chain Attack Cross-Tenant Vulnerability	Alibaba	Ronen Shustin (@Ronenshh) Shir Tamari (@Shirtamari)
From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys	Cloud Privilege Escalation	Microsoft (Azure)	Roi Nisimi (@Roinisimi)

Page 2 of 4