Attacking Cloud Service Providers

A semester-length interactive textbook on control-plane intrusion and multi-tenant isolation attacks against cloud service providers.

13 chapters · 275 real-world cases · AWS · Azure · GCP · offensive + defensive
⚠ Read this first — the angle of this book

This book is about hacking the cloud provider itself — breaking into the control plane, defeating cross-tenant isolation, and exploiting provider-side services and trust boundaries. It is not a guide to pentesting a single customer's cloud account. The target is the provider; the prize is everyone else's tenant. If your mental model of "cloud security" is misconfigured S3 buckets, this book will rebuild it.

§Who this is for

You are a security engineer, vulnerability researcher, or red-teamer — ideally one who works (or wants to work) inside a cloud provider, where the job is to find isolation-breaking bugs before attackers do. You already know web security cold: SSRF, XXE, CSRF, request smuggling, deserialization, OAuth/OIDC are tools you own. This book does not re-teach them. What it teaches is the cloud-specific attack surface those tools unlock — and a way of thinking that turns "a parsing quirk" into "cross-tenant compromise."

§The six-part lens

Every vulnerability in this book is examined through one analytical lens, introduced in Chapter 1 and used in every chapter thereafter. It is the transferable skill the 275-case corpus exists to build.

01 · PLANE · Where does it sit?
The data plane or the control plane — and what reaching it grants you.

02 · BOUNDARY · Which isolation fails?
Network, identity, hypervisor, namespace, account, or naming.

03 · IDENTITY · Whose creds run this?
Where identity is attached, and where it is trusted without re-checking.

04 · SHARED · What is shared?
A host agent, a build fleet, a front-end, a namespace — shared means blast radius.

05 · "MAGIC" · What does the provider automate?
Automation runs with privilege. That privilege is the target.

06 · DETECTION · What gets logged?
What the provider sees, what is invisible, and how attackers stay under it.

§Table of contents

Part I · Foundations

Chapter 1 · How the Public Cloud Works
Data plane vs control plane, multi-tenancy, and the managed-Kubernetes architecture that runs it — plus the six-part lens.

Chapter 2 · The CSP Kill Chain & Reconnaissance
The five-stage CSP kill chain, then reconnaissance — how to find a way into the provider.

Part II · Core Primitives

Chapter 3 · Identity Federation & Trust-Root Compromise
Federation as a skeleton key: missing conditions, forgeable signing keys, and trust-root backdoors.

Chapter 4 · Instance Metadata & SSRF
The metadata service as a credential vending machine — and SSRF into provider internals.

Chapter 5 · Control-Plane Network Isolation
Host↔guest channels, routing & peering attacks, shared front-ends, soft boundaries.

Chapter 6 · Containers, K8s & Workload Escape
Container → node → managed control plane: escaping the shared back-plane.

Part III · Service Surfaces

Chapter 7 · Storage & Data Services
The global namespace as a target: bucket squatting, confusion, and cross-account trust.

Chapter 8 · Databases & Data Management
Managed-engine feature abuse to the host, then into the provider's network. ChaosDB, in full.

Chapter 9 · Serverless, Low-Code & CI/CD
Automation runs with privilege: confused deputies, managed runners, OIDC, build pipelines.

Chapter 10 · AI/ML Services Attack Surface
Managed ML as multi-tenant compute with a thin veneer — escapes and cross-tenant model theft.

Part IV · Synthesis

Chapter 11 · Cross-Tenant & Provider-Side
The thesis head-on: classifying isolation breaks and reasoning about blast radius.

Chapter 12 · Logging & Detection Evasion
What audit logs do and don't capture — and operating beneath the provider's eye.

§How to read this book

Chapters are cumulative — each assumes the concepts and the lens from the ones before it. Read in order the first time. Every chapter ends with an attacker's checklist and a defender's mirror; click callouts to collapse them, and click code to copy it.

ℹ Note

Every attack in this book is drawn from published, fixed vulnerabilities, archived from public research. Citations link to a local archived copy and the original source. This material is for authorized security research, provider-side red-teaming, and education — not for attacking systems you do not own or have permission to test.

◆ The one idea

A cloud provider's deepest promise is isolation — that millions of strangers can share the same hardware and never touch. This book is the study of how that promise breaks. Turn to Chapter 1 to begin.