
Cloud Computing Threats targets cloud environments in the EC-Council CEH v13 course. This module covers the shared responsibility model, common misconfigurations, identity attacks, container risks, and the controls that secure cloud workloads. Cloud providers require written authorization and often a formal pen-test request before any testing, so confirm the rules before you scan.

Most cloud breaches come from customer misconfiguration, not a flaw in the provider. You learn where those gaps appear and how attackers exploit them.

Shared Responsibility Model

The provider secures the cloud, and you secure what you put in it. The split shifts by service model.

| Model | Provider secures | You secure |
|-------|------------------|------------|
| IaaS | Hardware, hypervisor | OS, apps, data, IAM |
| PaaS | OS, runtime | Apps, data, access |
| SaaS | Most of the stack | Data, user access |

A misread of this model is the root cause of most cloud incidents.

To compare the major platforms, see AWS vs Azure vs Google Cloud Platform.

Common Cloud Misconfigurations

Attackers scan for predictable mistakes that expose data and control.

  • Open storage buckets leave S3 or blob storage public to the internet.
  • Exposed APIs and metadata endpoints leak credentials and tokens.
  • Weak IAM policies grant broad permissions with wildcards.
  • Hardcoded keys sit in source code, containers, and config files.

The instance metadata service is a frequent target. A server-side request forgery flaw can pull temporary credentials from it.

# Classic IMDSv1 credential theft from a vulnerable host
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/

IMDSv2 requires a session token and blocks this simple request, so enforce it.
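To find instances where IMDSv2 is not yet enforced, the following added example (not part of the original course page) audits the JSON that `aws ec2 describe-instances` returns and flags any instance that still answers tokenless requests. The sample data and instance IDs are constructed; the `MetadataOptions` fields and the `modify-instance-metadata-options` command are the standard AWS ones.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output.
# The instance IDs are made up for this example.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000001",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0aaa0000000000002",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}}]},
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000003",
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0aaa0000000000004"}]}
]}
""")


def audit_imds(describe_output):
    """Map instance ID -> finding for every instance that needs attention."""
    report = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions")
            if opts is None:
                # Field missing from the export: cannot conclude it is safe.
                report[inst["InstanceId"]] = "unknown"
            elif opts.get("HttpEndpoint") == "disabled":
                continue  # metadata service is off, nothing to request
            elif opts.get("HttpTokens") != "required":
                # Tokenless (IMDSv1) requests are still answered.
                report[inst["InstanceId"]] = "imdsv1-allowed"
    return report


def remediation(instance_id):
    """AWS CLI command that makes the IMDSv2 session token mandatory."""
    return ("aws ec2 modify-instance-metadata-options "
            f"--instance-id {instance_id} "
            "--http-tokens required --http-endpoint enabled")


if __name__ == "__main__":
    for iid, finding in audit_imds(SAMPLE).items():
        print(f"{iid}: {finding}")
        if finding == "imdsv1-allowed":
            print("  fix:", remediation(iid))
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-instances --output json`.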

Cloud Auditing Tools

You assess cloud posture with purpose-built tools.

| Tool | Use |
|------|-----|
| ScoutSuite | Multi-cloud configuration audit |
| Pacu | AWS exploitation framework |
| CloudSploit | Misconfiguration scanning |

These tools map permissions, find public resources, and flag risky settings across an account.

Container and Serverless Risks

Containers add their own attack surface. Container escape breaks out of a container to the host when the runtime is misconfigured or over-privileged.

  • Privileged containers share the host kernel with full rights.
  • Exposed Docker sockets hand an attacker control of the host.
  • Vulnerable images ship with known CVEs and embedded secrets.

To understand the isolation tradeoffs, read Docker vs VMs.

Cloud Defense

| Control | Purpose |
|---------|---------|
| CSPM | Finds and fixes misconfigurations continuously |
| Least privilege | Limits IAM roles to required actions |
| Encryption | Protects data at rest and in transit |
| Logging | Records API calls for detection and forensics |

Least-privilege IAM and continuous posture management stop most cloud attacks before they start.

Next Steps

Continue with Cryptography and PKI. Review the previous module on IoT and OT Hacking, compare providers in AWS vs Azure vs Google Cloud Platform, and study isolation in Docker vs VMs. Return to the Certified Ethical Hacker (CEH v13) Course.