├── SpiderInThePod.pdf
└── README.md

/SpiderInThePod.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Esonhugh/My-Cloud-Security/HEAD/SpiderInThePod.pdf
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# My Cloud Security

This is the repo for my cloud security articles or projects.

### Articles

|Tags|Title|Location|Description|
|---|---|---|---|
|k8s,realworld,unauth|Spider in the pod|https://github.com/Esonhugh/Spider-in-the-Pod-How-to-Penetrate-Kubernetes-with-Low-or-No-Privileges|A document on lateral movement in Kubernetes without any privileges|
|k8s,realworld,unauth|Aliyun Speech - Spider in the pod|https://github.com/Esonhugh/My-Cloud-Security/blob/Skyworship/SpiderInThePod.pdf|A document on lateral movement in Kubernetes without any privileges|
|suctf,ctf,aliyun,cloudprovider|easy k8s on aliyun|https://github.com/team-su/SUCTF-2025/tree/main/web/SU_easyk8s_on_aliyun/writeup|The official writeup of easy k8s on aliyun in SUCTF 2025: attacking OSS with an ECS RAM Role and the aliyun CLI|
|suctf,ctf,k8s|easy k8s|https://github.com/team-su/SUCTF-2025/tree/main/web/SU_easyk8s/writeup|The official writeup of easy k8s in SUCTF 2025|
|htb,ctf,aws,gcp,cloudprovider|Hackthebox business 2024 CTF wp|https://github.com/Esonhugh/HTB-BusinessCTF-2024-Cloud|The writeup for the Hackthebox business 2024 CTF|
|ctf,k8s,wiz|Wiz EKSClusterGame WP|https://github.com/Esonhugh/WizEKSClusterGame|The writeup of the EKSCluster Game|
|k8s,security|KubernetesCRInjection|https://github.com/Esonhugh/KubernetesCRInjection|Kubernetes Common/Custom Resources injection attack|
|k8s,security,certificate|KubernetesADCS|https://github.com/Esonhugh/KubernetesCS|Kubernetes has its own "ADCS": Kubernetes certification security. How to backdoor a Kubernetes cluster silently and more persistently?|
|k8s,security,lowpriv,java,heapdump,unauth|KubernetesHeapdump|https://github.com/Esonhugh/SpringCloudHeapdump|How to get cluster admin with a heapdump of Spring Cloud|
|k8s,security,thm,ctf|Palsforlife|https://eson.ninja/pentest-learning/Tryhackme-Palsforlife/|My first Kubernetes hacking experience|
|general,cloud,security|CloudSecurity Attack Code|https://github.com/Esonhugh/Attack_Code|My first article for people beginning with the cloud|
|docker,escape,security|Docker Release Agent Escape Note|https://github.com/Esonhugh/Docker-Release-Agent-Escape|My first step in Docker escape research|

### Tools

|Tags|Name|Location|Description|
|---|---|---|---|
|cloud,aliyun,security,golang,cloudprovider|cf|https://github.com/teamssix/cf|DEPRECATED: Cloud hacking tool for AKSK abuse (targets Aliyun/TencentCloud...)|
|cloud,k8s,golang,lowpriv|k8spider|https://github.com/Esonhugh/k8spider|A low-privilege k8s tool for pentesting; you can use it for service discovery and other attacks without any RBAC privileges|
|cloud,k8s,golang,lowpriv,ingressnightmare|ingressNightmarePOC|https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps|Best EXP/POC for Ingress Nightmare CVE-2025-1974|
|cloud,policy,parser,golang,lib,cloudprovider|CloudPolicy|https://github.com/Esonhugh/CloudPolicy|A tool to parse AWS-like policies and generate policies in a more Golang way|
|cloud,k8s,pve,openstack,ticket|TicketMaster|https://github.com/Esonhugh/TicketMaster|A tool that uses a certificate private key to generate forged tickets|
|aliyun,policy|Aliyun System managed policies|https://github.com/Esonhugh/aliyun-system-manage|A project for getting Aliyun managed policies|

### Game Design

|Tags|Name|Location|Description|
|---|---|---|---|
|github,cicd,token,git,leak|action ops|https://actionops.github.io/|A little game about a GitHub Action ops abuse attack|
|k8s,lowpriv,info-collection|easy k8s|https://github.com/team-su/SUCTF-2025/tree/main/web/SU_easyk8s/writeup|Game of easy k8s in SUCTF 2025|
|aliyun,oss,enumeration|easy k8s on aliyun|https://github.com/team-su/SUCTF-2025/tree/main/web/SU_easyk8s_on_aliyun/writeup|Game of easy k8s on aliyun in SUCTF 2025|

--------------------------------------------------------------------------------