Cloud Resources

The user of cloud services such as AWS, Azure, GCP, although centralized security from providers, can have configuration vulnerabilities.

Starts with S3 buckets (AWS), blobs (Azure), cloud storage (GCP)

Apart from getting subdomains of cloud providers through crt.sh, we can also use google dorking.

AWS -> intext: domain name inurl: amazonaws.com
Azure -> intext: domain name inurl:blob.core.windows.net

Use domain.glass for third-party searches as well
Use [greyhatwarefare][https://buckets.grayhatwarfare.com/] for passive search of these buckets as well