Source: Reddit r/netsec
Attacking Cloud Service Providers (ACSP) - An interactive textbook on control-plane intrusion and breaking cross-tenant isolation

  • What: Interactive textbook on cloud provider attacks
  • Impact: Targeted at security professionals and researchers
Attacking Cloud Service Providers

A semester-length interactive textbook on control-plane intrusion and multi-tenant isolation attacks against cloud service providers. 13 chapters · 275 real-world cases · AWS, Azure, GCP · offensive + defensive.

⚠ Read this first: the angle of this book

This book is about hacking the cloud provider itself — breaking into the control plane, defeating cross-tenant isolation, and exploiting provider-side services and trust boundaries. It is not a guide to pentesting a single customer's cloud account. The target is the provider; the prize is everyone else's tenant. If your mental model of "cloud security" is misconfigured S3 buckets, this book will rebuild it.

§ Who this is for

You are a security engineer, vulnerability researcher, or red-teamer — ideally one who works (or wants to work) inside a cloud provider, where the job is to find isolation-breaking bugs before attackers do. You already know web security cold: SSRF, XXE, CSRF, request smuggling, deserialization, OAuth/OIDC are tools you own. This book does not re-teach them. What it teaches is the cloud-specific attack surface those tools unlock, and a way of thinking that turns "a parsing quirk" into "cross-tenant compromise."

§ The six-part lens

Every vulnerability in this book is examined through one analytical lens, introduced in Chapter 1 and used in every chapter thereafter. It is the transferable skill the 275-case corpus exists to build.

  • 01 · PLANE: Where does it sit? The data plane or the control plane, and what reaching it grants you.
  • 02 · BOUNDARY: Which isolation fails? Network, identity, hypervisor, namespace, account, or naming.
  • 03 · IDENTITY: Whose creds run this? Where identity is attached, and where it is trusted without re-checking.
  • 04 · SHARED: What is shared? A host agent, a build fleet, a front-end, a namespace; shared means blast radius.
  • 05 · "MAGIC": What does the provider automate? Automation runs with privilege. That privilege is the target.
  • 06 · DETECTION: What gets logged? What the provider sees, what is invisible, and how attackers stay under it.

§ Table of contents

Part I · Foundations
  • Chapter 1: How the Public Cloud Works. Data plane vs control plane, multi-tenancy, and the managed-Kubernetes architecture that runs it, plus the six-part lens.
  • Chapter 2: The CSP Kill Chain & Reconnaissance. The five-stage CSP kill chain, then reconnaissance: how to find a way into the provider.

Part II · Core Primitives
  • Chapter 3: Identity Federation & Trust-Root Compromise. Federation as a skeleton key: missing conditions, forgeable signing keys, and trust-root backdoors.
  • Chapter 4: Instance Metadata & SSRF. The metadata service as a credential vending machine, and SSRF into provider internals.
  • Chapter 5: Control-Plane Network Isolation. Host↔guest channels, routing & peering attacks, shared front-ends, soft boundaries.
  • Chapter 6: Containers, K8s & Workload Escape. Container → node → managed control plane: escaping the shared back-plane.

Part III · Service Surfaces
  • Chapter 7: Storage & Data Services. The global namespace as a target: bucket squatting, confusion, and cross-account trust.
  • Chapter 8: Databases & Data Management. Managed-engine feature abuse to the host, then into the provider's network. ChaosDB, in full.
  • Chapter 9: Serverless, Low-Code & CI/CD. Automation runs with privilege: confused deputies, managed runners, OIDC, build pipelines.
  • Chapter 10: AI/ML Services Attack Surface. Managed ML as multi-tenant compute with a thin veneer: escapes and cross-tenant model theft.

Part IV · Synthesis
  • Chapter 11: Cross-Tenant & Provider-Side. The thesis head-on: classifying isolation breaks and reasoning about blast radius.
  • Chapter 12: Logging & Detection Evasion. What audit logs do and don't capture, and operating beneath the provider's eye.

§ How to read this book

Chapters are cumulative: each assumes the concepts and the lens from the ones before it. Read in order the first time. Every chapter ends with an attacker's checklist and a defender's mirror.

Note: Every attack in this book is drawn from published, fixed vulnerabilities, archived from public research. Citations link to a local archived copy and the original source. This material is for authorized security research, provider-side red-teaming, and education, not for attacking systems you do not own or have permission to test.

◆ The one idea

A cloud provider's deepest promise is isolation: that millions of strangers can share the same hardware and never touch. This book is the study of how that promise breaks. Turn to Chapter 1 to begin.
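One way to make the IDENTITY question of the lens ("where is identity trusted without re-checking?") and Chapter 3's "missing conditions" concrete, as an added example that is not part of the book: a Python audit of AWS IAM role trust policies for OIDC web-identity federation. A provider's signed token is only as narrow as the claims the role insists on; if the policy checks `aud` but never `sub`, every identity the same issuer signs for can assume the role. The three policies, the account ID and the repository names are constructed samples, and `audit_trust_policy` is a name chosen for this example.

```python
"""Added example (not from the ACSP book): flag OIDC trust policies that accept
a provider's token without pinning the subject claim.

All policies, account IDs and repository names below are constructed samples.
"""
import json

# Constructed sample: only the audience is checked. Every GitHub Actions
# workflow token shares this issuer and can request aud=sts.amazonaws.com,
# so any repository on github.com can assume the role.
WEAK_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"}
    }
  }]
}""")

# Constructed sample: the subject is pinned to one repository and branch.
HARDENED_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": {
        "token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
        "token.actions.githubusercontent.com:sub": "repo:example-org/example-repo:ref:refs/heads/main"
      }
    }
  }]
}""")

# Constructed sample: a sub condition exists, but the leading wildcard matches
# the "repo:OWNER/REPO" prefix of every repository on the provider.
WILDCARD_SUB_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"},
    "Action": ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
    "Condition": {
      "StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"},
      "StringLike": {"token.actions.githubusercontent.com:sub": "*:ref:refs/heads/main"}
    }
  }]
}""")


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _condition_keys(condition):
    """Flatten {operator: {key: value}} into {key_lower: [(operator, [values])]}."""
    flat = {}
    for operator, pairs in (condition or {}).items():
        for key, value in pairs.items():
            flat.setdefault(key.lower(), []).append((operator, _as_list(value)))
    return flat


def audit_trust_policy(policy):
    """Return a list of findings for web-identity statements; empty means none found."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(a in ("sts:AssumeRoleWithWebIdentity", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal") or {}
        if not isinstance(principal, dict):
            continue
        keys = _condition_keys(stmt.get("Condition"))
        for provider_arn in _as_list(principal.get("Federated")):
            if "oidc-provider/" not in provider_arn:
                continue  # Cognito / SAML principals use different claim keys; not covered here
            issuer = provider_arn.split("oidc-provider/", 1)[1]
            if f"{issuer}:aud".lower() not in keys:
                findings.append(f"statement {index}: no {issuer}:aud condition (any audience accepted)")
            sub_conditions = keys.get(f"{issuer}:sub".lower())
            if not sub_conditions:
                findings.append(f"statement {index}: no {issuer}:sub condition "
                                f"(any identity signed by {issuer} can assume the role)")
                continue
            for operator, values in sub_conditions:
                for value in values:
                    # StringLike/StringNotLike-family operators treat '*' as a glob;
                    # a pattern that opens with one never pins the tenant prefix.
                    if "stringlike" in operator.lower() and value.startswith("*"):
                        findings.append(f"statement {index}: {issuer}:sub pattern {value!r} "
                                        f"starts with a wildcard")
    return findings


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_TRUST_POLICY), ("hardened", HARDENED_TRUST_POLICY),
                      ("wildcard", WILDCARD_SUB_POLICY)):
        print(name, audit_trust_policy(pol) or "ok")
```

The check is deliberately provider-agnostic about the shape of `sub`: it only knows that the subject must be present and must not begin with a glob, because the tenant-identifying part of the claim (for GitHub, `repo:OWNER/REPO`) sits at the front. Under `StringEquals` a literal `*` is not a wildcard and is not flagged. Extending this to other issuers means adding their claim keys; the lens question stays the same.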