an interactive textbook on control-plane intrusion and breaking cross-tenant isolation,
built from 275 real-world cloud service provider(CSP) vulnerabilities.
📖 Read online · Open locally · Curriculum · Chapters · How it was built
This repository is a complete, self-contained course — curriculum + interactive textbook — that teaches security engineers how to attack a cloud service provider (CSP) itself.
This is about hacking the cloud provider, not pentesting a customer of one. Most "cloud security" material teaches you to assess a single tenant — the public S3 bucket, the over-permissioned role, the exposed VM. Here the target is the provider: the multi-tenant control plane, managed services, host agents, metadata endpoints, internal APIs, and the isolation boundaries meant to keep tenants apart. The prize is not one account; it is everyone else's, or the provider's own infrastructure. Traditional in-tenant techniques appear only as building blocks — never the destination.
Security engineers, vulnerability researchers, and red-team operators — especially those who work (or want to work) inside a cloud provider, where the job is to find isolation-breaking and control-plane bugs before external attackers do. It is also relevant to managed-service ("cloud-adjacent") vendors who inherit the same multi-tenant problems.
Prerequisites: solid web-security fundamentals. The book assumes you already know SSRF, XXE, CSRF, request smuggling, deserialization, and OAuth/OIDC. It does not re-teach them — it teaches the cloud-specific attack surface they unlock.
The textbook is a self-contained static site. No build step, no server, no network needed.
git clone <this-repo>
cd csp_research
open book/index.html # macOS — or just double-click the fileEverything works offline over file://: 12 chapters, hand-drawn SVG diagrams, syntax-
highlighted code, collapsible callouts, copy-to-clipboard, a light/dark theme toggle, and an
auto-generated "on this page" navigator. Read the chapters in order the first time — each
builds on the concepts and the analytical lens established by the ones before it.
Every vulnerability in the book is analysed through one reusable analytical lens, introduced in Chapter 1 and applied in every chapter thereafter. It is the transferable skill the whole project exists to build:
| # | Lens | The question it asks |
|---|---|---|
| 1 | Plane | Data plane or control plane — and what sitting there grants? |
| 2 | Boundary | Which isolation fails — network, identity, hypervisor, namespace, account, or naming? |
| 3 | Identity | Whose credentials run this request? Where is identity trusted without re-checking? |
| 4 | Shared component | What is shared across tenants? Shared means blast radius. |
| 5 | Provider "magic" | What does the provider automate? Automation runs with privilege. |
| 6 | Detection surface | What gets logged? What is invisible? How do attackers stay under it? |
| # | Chapter | Focus |
|---|---|---|
| — | Cover & how to read | Course overview, the six-part lens |
| 1 | How the Public Cloud Works | Data plane vs control plane, multi-tenancy, the managed-Kubernetes architecture, the lens |
| 2 | The CSP Kill Chain & Reconnaissance | The five-stage CSP kill chain, then recon — how to find a way into the provider |
| 3 | Identity Federation & Trust-Root Compromise | Federation as a skeleton key: missing conditions, forgeable signing keys, trust-root backdoors |
| 4 | Instance Metadata & SSRF | The metadata service as a credential vending machine |
| 5 | Control-Plane Network Isolation | Host↔guest channels, routing/peering attacks, shared front-ends |
| 6 | Containers, K8s & Workload Escape | Container → node → managed control plane |
| 7 | Storage & Data Services | The global namespace as a target: squatting, confusion, cross-account trust |
| 8 | Databases & Data Management | Managed-engine feature abuse to the host — ChaosDB, in full |
| 9 | Serverless, Low-Code & CI/CD | Confused deputies, managed runners, OIDC, build pipelines |
| 10 | AI/ML Services Attack Surface | Managed ML as multi-tenant compute; cross-tenant model theft |
| 11 | Cross-Tenant & Provider-Side | The thesis: classifying isolation breaks, reasoning about blast radius |
| 12 | Logging & Detection Evasion | What audit logs miss; operating beneath the provider's eye |
The full module specification — learning outcomes, attack-surface breakdown, and corpus
mapping — is in curriculum.md.
This course was built from a curated research corpus, not written from memory. The pipeline:
- Corpus.
public_research.csvcatalogues 275 real-world CSP vulnerabilities and attack chains — AWS (117), Azure (89), GCP (53), multi-cloud and others — each with provider, affected service, attack type, architecture element, and a source link. - Archival. Every source article was downloaded and archived locally into
posts/— 274 of 275 captured (99.6%; the one gap has no URL in the source data), with images localised so each page renders offline. Cloudflare-walled sources were recovered via the Wayback Machine and headless-browser rendering. - Indexing. Every archived article was read and distilled into a structured index
(
writing/article_index.md) — technique, preconditions, impact, control-plane vs data-plane, and a perspective tag:provider-side/cross-tenant/control-plane-intrusion(113 headline cases) versusin-tenant(162 supporting-context cases). The perspective tag drives what is taught as the main event and what is demoted to a building block. - Curriculum. The index was synthesised into a 12-week, attack-surface-organised semester syllabus with the six-part teaching lens.
- Textbook. Per chapter, a research pass gathered material (corpus-first, then public sources), then a writing pass produced the chapter HTML — 12 chapters, 34 hand-authored SVG diagrams, 22 images drawn from the original research and cited back to it. Each chapter follows a summary → breakdown structure: the problem, why it matters, the methods at a glance, then a breakdown of each technique with real-world illustrations.
- Proofread. A continuity pass checked, chapter by chapter, that no concept is used before it is introduced, that the difficulty ramps smoothly, and that every citation and cross-reference resolves.
Every attack in the textbook is cited to both a local archived copy (in posts/) and the
original source.
csp_research/
├── README.md ← you are here
├── banner.svg ← project banner
├── curriculum.md ← the semester module specification
├── public_research.csv ← the 275-article source corpus
├── book/ ← the interactive textbook (open book/index.html)
│ ├── index.html
│ ├── chapter-01.html … chapter-12.html
│ ├── assets/ ← CSS, JS, Prism, images
│ └── diagrams/ ← hand-authored SVG attack-flow diagrams
├── posts/ ← 274 archived source articles + images
├── corpus_text/ ← clean-text extraction of every archived article
├── writing/ ← research notes, per-chapter dossiers, style contract
└── scripts/ ← archival & build tooling
| Version | Date | Notes |
|---|---|---|
| v0.1 | 2026-05-17 | Initial draft. Crawled and archived 275 real-world CSP vulnerabilities into an offline research corpus, distilled each into a structured index, synthesised a 12-week curriculum, and wrote the first draft of the 12-chapter interactive textbook with diagrams and full citations. |
This material is for education, authorized security research, and provider-side red-teaming. Every technique described is drawn from published and remediated vulnerabilities. Do not use it against systems you do not own or lack written permission to test. Attacking multi-tenant infrastructure without authorization is a crime and endangers uninvolved third parties.
The archived articles in posts/ remain the property of their original authors and are
retained here for research and citation purposes; each is linked to its original source.