My Cloud Security

This is repo for my cloud security articlas or projects

Articles

Tags	Title	Location	Description
k8s,realworld,unauth	Spider in the pod	https://github.com/Esonhugh/Spider-in-the-Pod-How-to-Penetrate-Kubernetes-with-Low-or-No-Privileges	A document for lateral movemnet in the kubernetes without any priv
k8s,realworld,unauth	Aliyun Speech - Spider in the pod	https://github.com/Esonhugh/My-Cloud-Security/blob/Skyworship/SpiderInThePod.pdf	A document for lateral movemnet in the kubernetes without any priv
suctf,ctf,aliyun,cloudprovider	easy k8s on aliyun	https://github.com/team-su/SUCTF-2025/tree/main/web/SU_easyk8s_on_aliyun/writeup	The official writeup of easy k8s on aliyun in SUCTF 2025, attack oss with ECS RAM Role and aliyun cli
suctf,ctf,k8s	easy k8s	https://github.com/team-su/SUCTF-2025/tree/main/web/SU_easyk8s/writeup	The official writeup of easy k8s in SUCTF 2025
htb,ctf,aws,gcp,cloudprovider	Hackthebox business 2024 CTF wp	https://github.com/Esonhugh/HTB-BusinessCTF-2024-Cloud	The writeup for the Hackthebox business 2024 CTF wp
ctf,k8s,wiz	Wiz EKSClusterGame WP	https://github.com/Esonhugh/WizEKSClusterGame	The writeup of EKSCluster Game
k8s,security	KubernetesCRInjection	https://github.com/Esonhugh/KubernetesCRInjection	Kubernetes Common/Custom Resources injection Attack
k8s,security,certificate	KubernetesADCS	https://github.com/Esonhugh/KubernetesCS	Kubernetes has its own "ADCS", kubernetes ceritification security -- How To Backdoor a Kubernetes in silence and more persistent?
k8s,security,lowpriv,java,heapdump,unauth	KubernetesHeapdump	https://github.com/Esonhugh/SpringCloudHeapdump	how to get a cluster admin with heapdump of spring cloud
k8s,security,thm,ctf	Palsforlife	https://eson.ninja/pentest-learning/Tryhackme-Palsforlife/	My frist Kubernetes Hacking experience
general,cloud,security	CloudSecurity Attack Code	https://github.com/Esonhugh/Attack_Code	My frist article for people begin the cloud
docker,escape,security	Docker Release Agent Escape Note	https://github.com/Esonhugh/Docker-Release-Agent-Escape	My first step of docker escape research

Tools

Tags	Name	Location	Description
cloud,aliyun,security,golang,cloudprovider	cf	https://github.com/teamssix/cf	DEPRECATED: Cloud Hacking tools for AKSK abusing(Targeted Aliyun/TencentCloud...)
cloud,k8s,golang,lowpriv	k8spider	https://github.com/Esonhugh/k8spider	A k8s low privilige tool for pentest, you can use it for service discovery and other attack without any priv of RBAC
cloud,k8s,golang,lowpriv,ingressnightmare	ingressNightmarePOC	https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps	Best EXP/POC for Ingress Nightmare CVE-2025-1974
cloud,policy,parser,golang,lib,cloudprovider	CloudPolicy	https://github.com/Esonhugh/CloudPolicy	A tools for parse AWS like policy and generate the policy in a more golang way
cloud,k8s,pve,openstack,ticket	TicketMaster	https://github.com/Esonhugh/TicketMaster	A tool for you to using certifate private key to generate a forged tickets
aliyun,policy	Aliyun System managed policies	https://github.com/Esonhugh/aliyun-system-manage	a project for u to get aliyun managed policies

Game Design

Tags	Name	Location	Description
github,cicd,token,git,leak	action ops	https://actionops.github.io/	a little game of github action ops abusing attack
k8s,lowpriv,info-collection	easy k8s	https://github.com/team-su/SUCTF-2025/tree/main/web/SU_easyk8s/writeup	Game of easy k8s in SUCTF 2025
aliyun,oss,enumeration	easy k8s on aliyun	https://github.com/team-su/SUCTF-2025/tree/main/web/SU_easyk8s_on_aliyun/writeup	Game of easy k8s on aliyun in SUCTF 2025