CloudPEASS is a powerful toolkit designed for identifying and exploiting privilege escalation vulnerabilities in cloud environments. It provides security professionals, red teams, and blue teams with scripts and techniques to assess and secure cloud infrastructures effectively.
You Should Know:
1. Key Features of CloudPEASS
- Automated Cloud Enumeration: Scans cloud services (AWS, Azure, GCP) for misconfigurations.
- Privilege Escalation Checks: Identifies weak IAM policies, excessive permissions, and vulnerable roles.
- Post-Exploitation Modules: Helps maintain access and pivot within compromised environments.
2. Practical Commands & Usage
To get started, clone the repository and explore its capabilities:
git clone https://github.com/carlospolop/CloudPEASS.git
cd CloudPEASS
chmod +x *.sh
AWS Enumeration Example
./aws_enum.sh --access-key <KEY> --secret-key <SECRET> --region us-east-1
Azure Privilege Escalation Check
./azure_privcheck.sh --tenant-id <TENANT_ID> --app-id <APP_ID> --client-secret <SECRET>
GCP Service Account Audit
./gcp_service_audit.sh --project-id <PROJECT_ID> --key-file credentials.json
3. Defensive Measures (Blue Team)
- Monitor IAM Changes:
aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=UpdateUser
- Restrict Over-Permissive Roles:
aws iam put-role-policy --role-name Admin --policy-name <POLICY_NAME> --policy-document file://restrictive_policy.json
4. Post-Exploitation Cleanup
If compromised, revoke exposed keys immediately:
aws iam delete-access-key --user-name <USER> --access-key-id <KEY_ID>
What Undercode Say:
CloudPEASS is an essential tool for modern cloud security assessments. Its automated approach saves time, but manual verification remains critical. Always:
- Log and Audit: Use `aws cloudtrail` or `gcloud logging` to track changes.
- Least Privilege: Apply strict IAM policies via `aws iam create-policy`.
- Incident Response: Isolate compromised instances using `aws ec2 stop-instances`.
For deeper cloud security, explore MITRE ATT&CK Cloud Matrix and CIS Benchmarks.
Expected Output:
[+] AWS Enumeration Complete: Found 3 over-permissive roles.
[!] GCP Alert: Service account 'default' has Editor permissions.
Reported By: Florian Hansemann – Hackers Feeds