Updating technique references for Unit42 VM Attack Path article. (#539)

siigil · web-flow · commit cea6917e336a · 2024-07-02T22:48:44.000+02:00
diff --git a/docs/attack-techniques/AWS/aws.execution.ec2-user-data.md b/docs/attack-techniques/AWS/aws.execution.ec2-user-data.md
@@ -24,6 +24,7 @@ References:
 
 - https://hackingthe.cloud/aws/exploitation/local-priv-esc-mod-instance-att/
 - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html
+- https://unit42.paloaltonetworks.com/cloud-virtual-machine-attack-vectors/
 
 <span style="font-variant: small-caps;">Warm-up</span>:
 
diff --git a/docs/attack-techniques/AWS/aws.execution.ssm-send-command.md b/docs/attack-techniques/AWS/aws.execution.ssm-send-command.md
@@ -33,6 +33,7 @@ References:
 - https://www.chrisfarris.com/post/aws-ir/
 - https://www.invictus-ir.com/news/aws-cloudtrail-cheat-sheet
 - https://securitycafe.ro/2023/01/17/aws-post-explitation-with-ssm-sendcommand/
+- https://unit42.paloaltonetworks.com/cloud-virtual-machine-attack-vectors/
 
 
 ## Instructions
diff --git a/docs/attack-techniques/AWS/aws.execution.ssm-start-session.md b/docs/attack-techniques/AWS/aws.execution.ssm-start-session.md
@@ -32,6 +32,7 @@ References:
 - https://awstip.com/responding-to-an-attack-in-aws-9048a1a551ac (evidence of usage in the wild)
 - https://hackingthe.cloud/aws/post_exploitation/run_shell_commands_on_ec2/#session-manager
 - https://unit42.paloaltonetworks.com/cloud-lateral-movement-techniques/
+- https://unit42.paloaltonetworks.com/cloud-virtual-machine-attack-vectors/
 
 
 ## Instructions
diff --git a/docs/attack-techniques/AWS/aws.lateral-movement.ec2-instance-connect.md b/docs/attack-techniques/AWS/aws.lateral-movement.ec2-instance-connect.md
@@ -33,6 +33,7 @@ References:
 - https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-ecs-crypto-mining/#hands-on-keyboard-activity-begins
 - https://sysdig.com/blog/2023-global-cloud-threat-report/
 - https://unit42.paloaltonetworks.com/cloud-lateral-movement-techniques/
+- https://unit42.paloaltonetworks.com/cloud-virtual-machine-attack-vectors/
 
 
 ## Instructions
diff --git a/docs/attack-techniques/azure/azure.execution.vm-custom-script-extension.md b/docs/attack-techniques/azure/azure.execution.vm-custom-script-extension.md
@@ -23,6 +23,7 @@ References:
 
 - https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
 - https://microsoft.github.io/Azure-Threat-Research-Matrix/Execution/AZT301/AZT301-2/
+- https://unit42.paloaltonetworks.com/cloud-virtual-machine-attack-vectors/
 
 <span style="font-variant: small-caps;">Warm-up</span>: 
 
diff --git a/docs/attack-techniques/azure/azure.execution.vm-run-command.md b/docs/attack-techniques/azure/azure.execution.vm-run-command.md
@@ -28,6 +28,7 @@ References:
 - https://docs.microsoft.com/en-us/azure/virtual-machines/linux/run-command
 - https://microsoft.github.io/Azure-Threat-Research-Matrix/Execution/AZT301/AZT301-1/
 - https://go.crowdstrike.com/rs/281-OBQ-266/images/report-crowdstrike-2023-threat-hunting-report.pdf (page 34)
+- https://unit42.paloaltonetworks.com/cloud-virtual-machine-attack-vectors/
 
 <span style="font-variant: small-caps;">Warm-up</span>: 
 
