On a pentest of a fintech company, I found an S3 bucket with database backups in three minutes: aws s3 ls s3://company-prod-backups --no-sign-request. Inside were SQL dumps with PII for hundreds of thousands of customers, API keys for the payment gateway and .env files with credentials for the RDS instances. The bucket had been sitting there for over a year. The client had no CSPM. None.
This is not a unique case; it is the norm. According to the CrowdStrike Global Threat Report 2025, the number of cloud intrusions grew 26% year-on-year, and the IBM X-Force Threat Intelligence Index 2025 records a 71% increase in attacks using valid credentials. Cloud misconfiguration is the cheapest attack vector: no zero-day, no social engineering. curl and knowing where to look are enough.
Kill chain of a cloud attack through storage misconfiguration
An attack on unprotected cloud storage maps to specific MITRE ATT&CK tactics. Here is the mapping chain I use on cloud pentests:

The chain is not linear; it branches depending on what is found. An open bucket gives a straight path to T1530. A leaked key in a .env file is T1078.004, followed by lateral movement within the cloud account. SSRF in a web application on EC2 is the classic T1552.005: extraction of temporary credentials from the metadata service (Atomic Red Team tests exist for Azure; on AWS it is reproduced manually with curl to 169.254.169.254). OWASP puts open cloud storage under A05:2021 - Security Misconfiguration: insecure default configurations, open cloud storage.
Recon: how attackers find open S3 buckets and cloud storage
Environment setup
• OS: Linux (Kali/Ubuntu 22.04+) or macOS
• Minimum resources: 2 GB RAM, 10 GB of free space (to store scanning results)
• Tools: AWS CLI v2, Azure CLI (az), Google Cloud SDK (gsutil), trufflehog v3 (>15k GitHub stars, actively maintained), s3scanner (last release: 2023, Python)
• Network: Internet access is required (cloud APIs are not available offline)
• Privileges: initial reconnaissance is performed anonymously (--no-sign-request); deep enumeration needs any valid IAM credentials
AWS S3: three approaches to discovery
Passive reconnaissance. Google dorks such as site:s3.amazonaws.com "companyname" and inurl:s3.amazonaws.com filetype:sql are the first thing to start with. GrayhatWarfare (grayhatwarfare.com) aggregates an index of public buckets searchable by keywords and file names. SSL certificates via crt.sh reveal subdomains, some of which point to S3-hosted resources. GrayhatWarfare and CloudFox (Bishop Fox) enumerate public AWS cloud resources through a combination of methods.
Brute-forcing bucket names. S3 buckets live in a global namespace: if company-prod-backups exists, it belongs to someone. I generate candidates from the company name, products and environments: company-backup, company-staging, company-logs, company-assets-prod. The s3scanner tool automates the enumeration and checks the ACL of every bucket found. Applicability: external pentest without credentials.
Through leaked credentials. In practice this is the most effective approach. trufflehog scans git history and pulls out AWS keys, tokens and passwords. According to the CrowdStrike Global Threat Report 2025, cloud intrusions grew 26% year-on-year. The IBM X-Force Threat Intelligence Index 2025 records a 71% increase in attacks with valid credentials; cloud keys fall into this vector alongside corporate account data.
Bash:
# Anonymous S3 Bucket Check (External Penetration Test)
aws s3 ls s3://target-bucket --no-sign-request
# Recursive listing of objects
aws s3 ls s3://target-bucket --no-sign-request --recursive --human-readable
# Bucket ACL - requires s3:GetBucketAcl (usually not available anonymously, use if you have IAM credentials)
aws s3api get-bucket-acl --bucket target-bucket
# Bucket policy - requires s3:GetBucketPolicy (similarly, will anonymously return AccessDenied)
aws s3api get-bucket-policy --bucket target-bucket
# Anonymous publicity check - listing of objects
aws s3api list-objects-v2 --bucket target-bucket --no-sign-request --max-keys 10
If get-bucket-acl (requires IAM credentials with the s3:GetBucketAcl permission) returns a grant to AllUsers or AuthenticatedUsers, the S3 bucket is public and nothing more needs explaining. If get-bucket-policy contains "Principal": "*", same result. For anonymous verification, aws s3 ls or list-objects-v2 with --no-sign-request is enough: a successful response means public access.
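The two verdict rules above (an ACL grant to AllUsers/AuthenticatedUsers, or an Allow statement with Principal "*") in code, as an added example that is not part of the original post: it classifies the JSON that get-bucket-acl and get-bucket-policy return, and additionally separates read-only from writable exposure, since that distinction decides which exploitation scenario applies. The sample responses are constructed (the account ID is the AWS documentation placeholder), and the function names are my own.

```python
import json

# Constructed sample responses (not captured from a real account) in the
# shape returned by `aws s3api get-bucket-acl` and `get-bucket-policy`.
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
SAMPLE_POLICY = {"Policy": json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        # Scoped to one (placeholder) account: not public, must not be flagged.
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"},
    ],
})}

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
ACL_WRITE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _grants_write(actions):
    # Any Put/Delete action, or a wildcard, lets an anonymous caller modify objects.
    return any(a in ("*", "s3:*") or a.startswith(("s3:Put", "s3:Delete"))
               for a in actions)


def acl_findings(acl):
    """Grants to the AllUsers / AuthenticatedUsers groups make the bucket public."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        group = PUBLIC_GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") == "Group" and group:
            permission = grant.get("Permission", "")
            findings.append({"source": "acl", "principal": group,
                             "permissions": [permission],
                             "write": permission in ACL_WRITE})
    return findings


def _wildcard_principal(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def policy_findings(policy_response):
    """Allow statements whose Principal is '*' (or {"AWS": "*"}) make the bucket public."""
    doc = json.loads(policy_response["Policy"])
    findings = []
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _wildcard_principal(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action", []))
        findings.append({"source": "policy", "principal": "*",
                         "permissions": actions,
                         "write": _grants_write(actions),
                         # A Condition block may narrow the grant; keep it flagged for review.
                         "conditional": "Condition" in stmt})
    return findings


def classify_bucket(acl, policy_response=None):
    """Exposure verdict: public if any finding exists, writable if any finding grants writes."""
    findings = acl_findings(acl)
    if policy_response is not None:
        findings += policy_findings(policy_response)
    return {"public": bool(findings),
            "writable": any(f["write"] for f in findings),
            "findings": findings}


if __name__ == "__main__":
    print(json.dumps(classify_bucket(SAMPLE_ACL, SAMPLE_POLICY), indent=2))
```

On real output the two CLI calls fail with AccessDenied when run without credentials, so the anonymous `aws s3 ls` check from the listing above remains the first test; this classifier is for the authenticated pass, where a conditional finding still deserves a look because conditions such as a VPC endpoint restriction decide whether "*" is actually reachable from the internet.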
Azure Blob Storage and GCP: similar patterns
Azure. Containers live inside storage accounts. Anonymous access is possible if the storage account allows allowBlobPublicAccess and the container is configured as container (listing and reading) or blob (reading by direct link). Verification: curl -s -H 'x-ms-version: 2021-12-02' "https://<account>.blob.core.windows.net/<container>?restype=container&comp=list"; XML with a list of blobs means an open container. Microsoft changed the default for new storage accounts in November 2023, disabling anonymous public access at the account level by default, but the update did not touch existing accounts with Azure Blob Storage misconfigurations. BlobHunter (Python, last update: 2022) enumerates storage accounts across subscriptions and checks for public access.
GCP. The command gsutil ls gs://bucket-name serves for anonymous verification. GCP bucket misconfiguration is often tied to uniform bucket-level access not being enabled: then every object can carry its own ACL, and control turns into chaos. The organization policy constraint constraints/storage.publicAccessPrevention at the organization level and VPC Service Controls against data exfiltration are the two main protective boundaries.
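An added example, not code from the original post, applying the Azure and GCP rules above to constructed inventory data: it parses the XML that an anonymous container listing returns, combines the account-level allowBlobPublicAccess switch with each container's public access level, and for GCS checks uniform bucket-level access, publicAccessPrevention and IAM bindings to allUsers/allAuthenticatedUsers. The storage account and bucket records are constructed; the field names follow the Azure ARM and GCS JSON API shapes, and the function names are mine.

```python
import xml.etree.ElementTree as ET

# Constructed sample body (not captured from a real account) of the response to
# GET https://<account>.blob.core.windows.net/<container>?restype=container&comp=list
SAMPLE_LISTING = """<EnumerationResults ServiceEndpoint="https://example.blob.core.windows.net/" ContainerName="backups">
  <Blobs>
    <Blob><Name>db/prod-2025-01-01.sql.gz</Name><Properties><Content-Length>104857600</Content-Length></Properties></Blob>
    <Blob><Name>config/.env</Name><Properties><Content-Length>812</Content-Length></Properties></Blob>
  </Blobs>
  <NextMarker />
</EnumerationResults>"""

# Constructed storage account inventory: the account-level allowBlobPublicAccess
# property plus each container's publicAccess level (container / blob / None).
SAMPLE_AZURE_ACCOUNT = {
    "name": "example",
    "allowBlobPublicAccess": True,
    "containers": [
        {"name": "backups", "publicAccess": "container"},
        {"name": "assets", "publicAccess": "blob"},
        {"name": "internal", "publicAccess": None},
    ],
}

# Constructed GCS bucket metadata in the shape of the JSON API's iamConfiguration
# field, plus the bucket's IAM policy bindings.
SAMPLE_GCS_BUCKET = {
    "name": "example-bucket",
    "iamConfiguration": {
        "uniformBucketLevelAccess": {"enabled": False},
        "publicAccessPrevention": "inherited",
    },
    "iamPolicy": {"bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.admin", "members": ["user:owner@example.com"]},
    ]},
}


def parse_blob_listing(xml_text):
    """A body with <Blob> entries means the container answered an anonymous listing."""
    root = ET.fromstring(xml_text)
    return [blob.findtext("Name") for blob in root.iter("Blob")]


def azure_exposure(allow_blob_public_access, container_public_access):
    """The account switch and the container level combine: both must permit anonymous access."""
    if not allow_blob_public_access:
        return "private"
    level = (container_public_access or "").lower()
    if level == "container":
        return "anonymous-list-and-read"
    if level == "blob":
        return "anonymous-read-by-url"
    return "private"


def audit_azure_account(account):
    findings = []
    for container in account["containers"]:
        exposure = azure_exposure(account["allowBlobPublicAccess"], container.get("publicAccess"))
        if exposure != "private":
            findings.append({"container": container["name"], "exposure": exposure})
    return findings


def audit_gcs_bucket(bucket):
    cfg = bucket.get("iamConfiguration", {})
    findings = []
    if cfg.get("publicAccessPrevention") != "enforced":
        findings.append("publicAccessPrevention not enforced")
    if not cfg.get("uniformBucketLevelAccess", {}).get("enabled"):
        findings.append("uniform bucket-level access disabled: per-object ACLs still apply")
    for binding in bucket.get("iamPolicy", {}).get("bindings", []):
        public = {m for m in binding.get("members", []) if m in ("allUsers", "allAuthenticatedUsers")}
        if public:
            findings.append(f"{binding['role']} granted to {', '.join(sorted(public))}")
    return findings


if __name__ == "__main__":
    print(parse_blob_listing(SAMPLE_LISTING))
    print(audit_azure_account(SAMPLE_AZURE_ACCOUNT))
    print(audit_gcs_bucket(SAMPLE_GCS_BUCKET))
```

The Azure function encodes the point about the November 2023 change: flipping allowBlobPublicAccess off on the account is what closes every container at once, which is why accounts created before the new default need it set explicitly.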
Exploitation: from listing to full access
Open S3 buckets: reading, writing, ransomware
Three scenarios for exploiting open S3 buckets, depending on the ACL:
Read only. The attacker lists objects (T1619, Cloud Storage Object Discovery), finds SQL dumps, config files and backups, and pulls everything (T1530, Data from Cloud Storage). Data leakage through S3 in this scenario takes hours; according to the IBM Cost of a Data Breach Report, the average time to detect a breach has historically been 200+ days, and by then terabytes are already gone. And automated scanners work 24/7, indexing millions of potential targets.
According to the Verizon DBIR, misconfiguration remains one of the leading factors in breaches: up to 38% of web incidents involve configuration errors. A significant share is directly cloud storage misconfiguration.
Write access. If the ACL or policy permits s3:PutObject, this is no longer a leak, it is the infrastructure. The attacker replaces files (supply chain attack through static assets), uploads web shells, hosts a phishing page on a trusted domain. Sprocket Security describes an S3 bucket takeover found on pentests: a domain pointed to a bucket that no longer existed. The attacker registered a bucket with the same name and served malicious content from a corporate domain. The DNS record was left behind after a migration, and nobody cleaned it up. Classic story: they moved out and left the keys in the door.
S3 ransomware. Ransomware groups are actively targeting S3. A Halcyon Research study (January 2025, the Codefinger campaign) describes a rewrite scenario using SSE-C (Server-Side Encryption with Customer-Provided Keys: only the attacker holds the key), followed by deletion of the originals and upload of a ransom note. Separately, abuse of SSE-KMS with rotation of the encryption key to one controlled by the attacker is described. According to the researchers, the attacker first checks three settings: no versioning (no rollback), Object Lock disabled (objects can be overwritten), no MFA Delete (deletion without confirmation). When all three line up, the bucket is an ideal ransomware target.
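An added example, not from the original post or from Halcyon's research, that encodes the three preconditions above as a check over the responses of get-bucket-versioning and get-object-lock-configuration, and adds a detection over CloudTrail S3 data events for a burst of SSE-C writes by a single identity. The bucket records and events are constructed; the detection assumes the events carry additionalEventData.SSEApplied with the value SSE_C for customer-provided keys, the bucket names and identity ARN are placeholders, and the threshold is arbitrary.

```python
from collections import Counter

# Constructed sample responses (not from a real account) in the shape of
# `aws s3api get-bucket-versioning` and `aws s3api get-object-lock-configuration`.
# object_lock is None where the API raised ObjectLockConfigurationNotFoundError.
WEAK_BUCKET = {"name": "example-prod-backups", "versioning": {}, "object_lock": None}
HARDENED_BUCKET = {
    "name": "example-prod-backups-locked",
    "versioning": {"Status": "Enabled", "MFADelete": "Enabled"},
    "object_lock": {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}},
}


def ransomware_gaps(bucket):
    """The three settings the text says an attacker checks first, as a list of gaps."""
    gaps = []
    versioning = bucket.get("versioning") or {}
    if versioning.get("Status") != "Enabled":
        gaps.append("versioning disabled: an overwritten object cannot be rolled back")
    if versioning.get("MFADelete") != "Enabled":
        gaps.append("MFA Delete disabled: versions can be deleted without a second factor")
    lock = (bucket.get("object_lock") or {}).get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        gaps.append("Object Lock disabled: nothing prevents re-encryption in place")
    return gaps


def is_ransomware_target(bucket):
    """All three gaps present: the configuration the text calls an ideal target."""
    return len(ransomware_gaps(bucket)) == 3


# Constructed CloudTrail-style S3 data events. Field names assumed here:
# eventName, requestParameters.bucketName, userIdentity.arn and
# additionalEventData.SSEApplied ("SSE_C" for customer-provided keys).
CI_ARN = "arn:aws:iam::123456789012:user/ci-deploy"   # placeholder identity
SAMPLE_EVENTS = [
    {"eventName": "PutObject", "userIdentity": {"arn": CI_ARN},
     "requestParameters": {"bucketName": "example-prod-backups", "key": f"db/dump-{i}.sql"},
     "additionalEventData": {"SSEApplied": "SSE_C"}}
    for i in range(12)
] + [
    {"eventName": "PutObject", "userIdentity": {"arn": CI_ARN},
     "requestParameters": {"bucketName": "example-assets", "key": "logo.png"},
     "additionalEventData": {"SSEApplied": "SSE_S3"}},
    {"eventName": "GetObject", "userIdentity": {"arn": CI_ARN},
     "requestParameters": {"bucketName": "example-prod-backups", "key": "db/dump-0.sql"},
     "additionalEventData": {"SSEApplied": "SSE_C"}},
]


def sse_c_burst(events, threshold=10):
    """Flag (bucket, identity) pairs that wrote many SSE-C objects: an identity that
    never used customer-provided keys suddenly re-uploading a whole prefix with them
    is the rewrite pattern described for Codefinger."""
    counts = Counter()
    for event in events:
        if event.get("eventName") != "PutObject":
            continue
        if event.get("additionalEventData", {}).get("SSEApplied") != "SSE_C":
            continue
        key = (event["requestParameters"]["bucketName"], event["userIdentity"]["arn"])
        counts[key] += 1
    return [(bucket, arn, n) for (bucket, arn), n in counts.items() if n >= threshold]


if __name__ == "__main__":
    for bucket in (WEAK_BUCKET, HARDENED_BUCKET):
        print(bucket["name"], ransomware_gaps(bucket))
    print(sse_c_burst(SAMPLE_EVENTS))
```

S3 data events are not in CloudTrail by default; the detection only has something to read once PutObject data events are enabled for the buckets that matter, which is itself one of the gaps the inventory problem below produces.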
Trend Micro and other researchers describe a wider range of cloud targets: EBS snapshots, RDS databases, ECR container images and backups (S3, Glacier, AWS Backup). The attackers' logic: destroy the backups, encrypt the primary data, leave the victim without a recovery path.
Case, 2025. Researchers at Casmer Labs (Cloud Storage Security) discovered a publicly accessible S3 bucket with hundreds of thousands of PDF bank payment orders from India's financial system: names, addresses, phone numbers, bank account numbers and IFSC routing codes. The bucket was live; new files kept being uploaded during the analysis. Gaining access took nothing; the bucket simply had public read access. That is not a break-in. That is a misconfiguration.
Public AWS snapshots: credentials on a platter
Create Snapshot (T1578.001, Defense Evasion) in MITRE ATT&CK describes the creation or discovery of disk snapshots for offline data access. On pentests, public AWS snapshots yield more than open buckets, and the findings are usually more critical.
Cloud Storage Security identifies four factors that slow down response: no complete inventory of cloud storage, no data classification (a bucket of marketing screenshots is not the same as a bucket of banking forms), limited visibility into object-level activity, and unclear resource ownership.
For the pentester these gaps are a hint of where to dig. Prowler (actively maintained, >10k GitHub stars) and ScoutSuite (last update: 2024) are run at the first stage of an internal cloud pentest. Within minutes they find public buckets, over-permissive IAM policies, disabled CloudTrail, missing encryption.
Decision tree: choosing a vector for a cloud pentest

Two years of cloud audits, from startups to enterprise, and one stable pattern. The security team buys a CSPM, configures the rules, considers the job done. Six months later, hundreds of unresolved findings sit in the ticketing system, and DevOps keeps creating buckets through the console, bypassing the IaC pipeline. According to the CrowdStrike Global Threat Report 2025, cloud intrusions grew 26% over the year, even as protection tooling expanded.
The problem is not the detection technology. Ownership of cloud resources is spread across DevOps, SRE and Security, and no team considers cloud storage security its headache. The CSPM finds a problem, but nobody fixes it because a particular bucket is not tied to a particular person. Until ownership is assigned to an engineer with alerts in their PagerDuty (and not to an abstract "infrastructure team"), every monitoring tool generates noise, not protection.