Chapter 29 Further Reading: Cloud Security Testing

Books

  • "Hacking the Cloud" by Matt Burrough (No Starch Press, 2023). A comprehensive guide to cloud penetration testing covering AWS, Azure, and GCP. Includes practical exploitation techniques and defensive strategies with hands-on labs.

  • "AWS Penetration Testing" by Jonathan Helmus (Packt, 2021). Focused specifically on AWS security testing, this book covers IAM exploitation, S3 misconfigurations, Lambda attacks, and using Pacu for structured assessments.

  • "Practical Cloud Security" by Chris Dotson (O'Reilly, 2019). Provides a solid foundation in cloud security architecture, covering the shared responsibility model, identity management, data protection, and compliance across major cloud providers.

  • "Cloud Security and Privacy" by Tim Mather, Subra Kumaraswamy, and Shahed Latif (O'Reilly, 2009; updated editions available). While the original edition predates modern cloud security, the updated editions provide a foundational understanding of cloud risk management and governance frameworks.

  • "Kubernetes Security and Observability" by Brendan Creane and Amit Gupta (O'Reilly, 2021). Essential for testing containerized environments in the cloud, covering network policies, pod security, and runtime threat detection.

Research Papers and Reports

  • Rhino Security Labs. "AWS IAM Privilege Escalation — Methods and Mitigations." The definitive research on AWS IAM privilege escalation techniques. Originally documented 21 methods by Spencer Gietzen, with ongoing updates as new techniques are discovered.

  • Wiz Research. "ChaosDB: How We Hacked Thousands of Azure Customers' Databases" (2021). The original technical write-up of the ChaosDB vulnerability, providing detailed analysis of container escape, network segmentation failure, and cross-tenant access.

  • NIST SP 800-144: "Guidelines on Security and Privacy in Public Cloud Computing." A foundational reference for cloud security governance, risk assessment, and compliance. Although the document is somewhat dated, its principles remain relevant.

  • CSA (Cloud Security Alliance). "Cloud Controls Matrix" and "Security Guidance for Critical Areas of Focus in Cloud Computing." Industry-standard frameworks for cloud security assessment and governance.

  • CIS Benchmarks for AWS, Azure, and GCP. Detailed, prescriptive security configuration guides published by the Center for Internet Security. These benchmarks form the basis for tools like Prowler and ScoutSuite.

Online Resources and Training

  • flAWS.cloud (by Scott Piper). An interactive challenge that teaches AWS security through hands-on exploitation of progressively more complex S3, EC2, and IAM misconfigurations. Available at flaws.cloud and flaws2.cloud. Free and regularly updated.

  • CloudGoat (Rhino Security Labs). A "Vulnerable by Design" AWS deployment tool that creates intentionally misconfigured environments for practicing cloud exploitation. Includes scenarios covering IAM privilege escalation, SSRF, Lambda exploitation, and more. Open source on GitHub.

  • Hacking the Cloud (hackingthe.cloud). A community-maintained encyclopedia of cloud security attack techniques, organized by cloud provider and service. Provides practical exploitation steps and references.

  • SANS Cloud Security Courses. SEC510 (Cloud Security Controls and Mitigations), SEC541 (Cloud Security Threat Detection), and SEC588 (Cloud Penetration Testing) provide structured training in cloud security assessment.

  • AWS Security Documentation. AWS maintains extensive security documentation including the Well-Architected Security Pillar, security best practices whitepapers, and service-specific security guides. Essential background for any AWS penetration test.

Tools Documentation

  • Pacu Documentation (Rhino Security Labs). Comprehensive documentation for the Pacu AWS exploitation framework, including module descriptions, usage examples, and contribution guidelines. Available on the Pacu GitHub wiki.

  • ScoutSuite Documentation (NCC Group). Usage guides and rule documentation for ScoutSuite multi-cloud security auditing. Covers configuration, custom rules, and report interpretation.

  • Prowler Documentation. Extensive documentation covering Prowler's 300+ checks, compliance mappings, configuration options, and integration with CI/CD pipelines.

  • CloudSploit Documentation (Aqua Security). Open-source cloud security scanner with documentation covering AWS, Azure, GCP, and Oracle Cloud checks.

Blogs and Ongoing Research

  • Rhino Security Labs Blog (rhinosecuritylabs.com/blog). Regular publications on AWS exploitation techniques, tool releases, and cloud security research from the team behind Pacu.

  • Wiz Blog (wiz.io/blog). Cutting-edge cloud security research including provider-side vulnerability discoveries, attack technique analysis, and industry trend reports.

  • tl;dr sec Newsletter (by Clint Gibler). Weekly newsletter covering the latest in application and cloud security, including new tools, techniques, and research papers.

  • Scott Piper's Cloud Security Newsletter and Blog. Focused cloud security content from the creator of flAWS.cloud, covering AWS security developments, misconfigurations, and best practices.

  • Christophe Tafani-Dereeper's Blog (blog.christophetd.fr). In-depth technical posts on cloud attack techniques, including AWS post-exploitation and detection methods.

Compliance and Governance Frameworks

  • SOC 2 Type II Reports. Understand what cloud providers' SOC 2 reports cover and, more importantly, what they do not cover. These reports are essential for vendor risk assessment.

  • FedRAMP Authorization. For organizations working with US government data, understanding FedRAMP requirements provides insight into the highest baseline cloud security standards.

  • HIPAA Cloud Guidance. HHS guidance on HIPAA compliance in cloud environments, relevant for healthcare organizations like MedSecure that store PHI in cloud services.

  • PCI DSS Cloud Computing Guidelines. PCI SSC guidance on maintaining PCI DSS compliance in cloud environments, covering shared responsibility, segmentation, and evidence requirements.