diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png
new file mode 100644
index 0000000000..d7961cab39
Binary files /dev/null and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png
index d7961cab39..ece9585b82 100644
Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png
index ece9585b82..3048b65efa 100644
Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png
index 3048b65efa..fb52dbc6cd 100644
Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png
index fb52dbc6cd..ce50798209 100644
Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png
index ce50798209..fb5aa4f77c 100644
Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1).png
index fb5aa4f77c..0f269bd025 100644
Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1).png
index 0f269bd025..66bce84492 100644
Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1).png
index 66bce84492..cf55c03e28 100644
Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1).png
index cf55c03e28..7e59066fb8 100644
Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1).png
index 7e59066fb8..a66b921a15 100644
Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1).png
index a66b921a15..6e6b14ecd4 100644
Binary files a/.gitbook/assets/image (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1).png
index 6e6b14ecd4..67281e0416 100644
Binary files a/.gitbook/assets/image (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (1) (1).png b/.gitbook/assets/image (1) (1).png
index 67281e0416..0b02740595 100644
Binary files a/.gitbook/assets/image (1) (1).png and b/.gitbook/assets/image (1) (1).png differ
diff --git a/.gitbook/assets/image (1).png b/.gitbook/assets/image (1).png
index 0b02740595..f6d47edde9 100644
Binary files a/.gitbook/assets/image (1).png and b/.gitbook/assets/image (1).png differ
diff --git a/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png
new file mode 100644
index 0000000000..1520310fb4
Binary files /dev/null and b/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png
index 1520310fb4..d02adb1bc2 100644
Binary files a/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1).png
index d02adb1bc2..2c1380cee8 100644
Binary files a/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1).png
index 2c1380cee8..d0ab10ede3 100644
Binary files a/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1).png
index d0ab10ede3..6c458d0381 100644
Binary files a/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1).png
index 6c458d0381..feea4d9138 100644
Binary files a/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (2) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (2) (1) (1) (1) (1) (1).png
index feea4d9138..b57f12f1b5 100644
Binary files a/.gitbook/assets/image (2) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (2) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (2) (1) (1) (1) (1).png b/.gitbook/assets/image (2) (1) (1) (1) (1).png
index b57f12f1b5..f282f52114 100644
Binary files a/.gitbook/assets/image (2) (1) (1) (1) (1).png and b/.gitbook/assets/image (2) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (2) (1) (1) (1).png b/.gitbook/assets/image (2) (1) (1) (1).png
index f282f52114..0c13369f3d 100644
Binary files a/.gitbook/assets/image (2) (1) (1) (1).png and b/.gitbook/assets/image (2) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (2) (1) (1).png b/.gitbook/assets/image (2) (1) (1).png
index 0c13369f3d..4ba6ea2ef1 100644
Binary files a/.gitbook/assets/image (2) (1) (1).png and b/.gitbook/assets/image (2) (1) (1).png differ
diff --git a/.gitbook/assets/image (2) (1).png b/.gitbook/assets/image (2) (1).png
index 4ba6ea2ef1..8da0530feb 100644
Binary files a/.gitbook/assets/image (2) (1).png and b/.gitbook/assets/image (2) (1).png differ
diff --git a/.gitbook/assets/image (2).png b/.gitbook/assets/image (2).png
index 8da0530feb..372d616695 100644
Binary files a/.gitbook/assets/image (2).png and b/.gitbook/assets/image (2).png differ
diff --git a/.gitbook/assets/image.png b/.gitbook/assets/image.png
index 372d616695..e521aaf21b 100644
Binary files a/.gitbook/assets/image.png and b/.gitbook/assets/image.png differ
diff --git a/SUMMARY.md b/SUMMARY.md
index 1a9fdab831..e21179bea2 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -118,6 +118,7 @@
* [GCP - Cloud Build Enum](pentesting-cloud/gcp-pentesting/gcp-services/gcp-cloud-build-enum.md)
* [GCP - Cloud Functions Enum](pentesting-cloud/gcp-pentesting/gcp-services/gcp-cloud-functions-enum.md)
* [GCP - Cloud Run Enum](pentesting-cloud/gcp-pentesting/gcp-services/gcp-cloud-run-enum.md)
+ * [GCP - Cloud SQL](pentesting-cloud/gcp-security/gcp-services/gcp-cloud-sql.md)
* [GCP - Compute Enum](pentesting-cloud/gcp-pentesting/gcp-services/gcp-compute-instances-enum/README.md)
* [GCP - Compute Instance](pentesting-cloud/gcp-pentesting/gcp-services/gcp-compute-instances-enum/gcp-compute-instance.md)
* [GCP - VPC & Networking](pentesting-cloud/gcp-pentesting/gcp-services/gcp-compute-instances-enum/gcp-vpc-and-networking.md)
diff --git a/pentesting-ci-cd/okta-security/README.md b/pentesting-ci-cd/okta-security/README.md
index 90553fd357..86ba8df0f8 100644
--- a/pentesting-ci-cd/okta-security/README.md
+++ b/pentesting-ci-cd/okta-security/README.md
@@ -64,11 +64,11 @@ getST.py -spn HTTP/clientname.kerberos.okta.com -dc-ip 1.2.3.4 LAB/comprommisedu
With a ticket retrieved for the AD user, we need to inject this on a host we control using Rubeus or Mimikatz:
-
+
You’ll need to make sure that `clientname.kerberos.okta.com` is added to the “Intranet” security zone in Internet Options. And then, in our browser, if we hit the below URL, we should find that we receive a JSON response providing an `OK` result when the Kerberos ticket is accepted:
-
+
Heading over to the Okta dashboard, if everything is OK, you’ll be signed in.
@@ -76,7 +76,7 @@ Moreover, if we are able to compromise the actual Okta service account exposing
It should be noted that as Okta only support AES for ticket encryption, we’ll need to ensure we have the AES key or plaintext password to authenticate:
-
+
To craft our ticket for the victim user of `testuser`, we use:
diff --git a/pentesting-ci-cd/travisci-security/README.md b/pentesting-ci-cd/travisci-security/README.md
index 10d60df4cb..8ded31c4c4 100644
--- a/pentesting-ci-cd/travisci-security/README.md
+++ b/pentesting-ci-cd/travisci-security/README.md
@@ -44,7 +44,7 @@ It looks like It's not possible to set crons inside the `.travis.yml` according
TravisCI by default disables sharing env variables with PRs coming from third parties, but someone might enable it and then you could create PRs to the repo and exfiltrate the secrets:
- (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png>)
+ (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png>)
### Dumping Secrets
diff --git a/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-kms-post-exploitation.md b/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-kms-post-exploitation.md
index 1999edd747..73b732161f 100644
--- a/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-kms-post-exploitation.md
+++ b/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-kms-post-exploitation.md
@@ -106,7 +106,7 @@ aws kms put-key-policy --key-id mrk-c10357313a644d69b4b28b88523ef20c \
Note that if you change that policy and only give access to an external account, and then from this external account you try to set a new policy to **give the access back to original account, you won't be able**.
{% endhint %}
-
+
### Generic KMS Ransomware
diff --git a/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-s3-post-exploitation.md b/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-s3-post-exploitation.md
index 7460ba0fdc..ce79491079 100644
--- a/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-s3-post-exploitation.md
+++ b/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-s3-post-exploitation.md
@@ -42,7 +42,7 @@ For example, **airflow** could be storing **DAGs** **code** in there, or **web p
The following screenshot shows an example of a file that was targeted for a ransomware attack. As you can see, the account ID that owns the KMS key that was used to encrypt the object (7\*\*\*\*\*\*\*\*\*\*2) is different than the account ID of the account that owns the object (2\*\*\*\*\*\*\*\*\*\*1).
- (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png>)
+ (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png>)
Here you can [find a ransomware example](https://github.com/RhinoSecurityLabs/Cloud-Security-Research/blob/master/AWS/s3\_ransomware/s3-ransomware-poc.py) that does the following:
diff --git a/pentesting-cloud/aws-security/aws-persistence/aws-ecr-persistence.md b/pentesting-cloud/aws-security/aws-persistence/aws-ecr-persistence.md
index 1401090c51..6a0ff28f02 100644
--- a/pentesting-cloud/aws-security/aws-persistence/aws-ecr-persistence.md
+++ b/pentesting-cloud/aws-security/aws-persistence/aws-ecr-persistence.md
@@ -62,7 +62,7 @@ Note that ECR requires that users have **permission** to make calls to the **`ec
It's possible to automatically replicate a registry in an external account configuring cross-account replication, where you need to **indicate the external account** there you want to replicate the registry.
-
+
First, you need to give the external account access over the registry with a **registry policy** like:
diff --git a/pentesting-cloud/aws-security/aws-services/aws-api-gateway-enum.md b/pentesting-cloud/aws-security/aws-services/aws-api-gateway-enum.md
index d568fd0326..2d8bec676e 100644
--- a/pentesting-cloud/aws-security/aws-services/aws-api-gateway-enum.md
+++ b/pentesting-cloud/aws-security/aws-services/aws-api-gateway-enum.md
@@ -248,7 +248,7 @@ It's possible to generate API keys in the API Gateway portal and even set how mu
To make an API key work, you need to add it to a **Usage Plan**, this usage plan mus be added to the **API Stage** and the associated API stage needs to have a configured a **method throttling** to the **endpoint** requiring the API key:
-
+
## Unauthenticated Access
diff --git a/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-cloudtrail-enum.md b/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-cloudtrail-enum.md
index f4e78783fb..d87827643a 100644
--- a/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-cloudtrail-enum.md
+++ b/pentesting-cloud/aws-security/aws-services/aws-security-and-detection-services/aws-cloudtrail-enum.md
@@ -119,7 +119,7 @@ AWS Access Advisor relies on last 400 days AWS **CloudTrail logs to gather its i
Therefore, Access Advisor informs about **the unnecessary permissions being given to users** so the admin could remove them
{% endhint %}
-
+
## Actions
diff --git a/pentesting-cloud/azure-security/az-basic-information.md b/pentesting-cloud/azure-security/az-basic-information.md
index 3b0ef670d8..b7528c5676 100644
--- a/pentesting-cloud/azure-security/az-basic-information.md
+++ b/pentesting-cloud/azure-security/az-basic-information.md
@@ -145,7 +145,7 @@ In Azure **permissions are can be assigned to any part of the hierarchy**. That
This hierarchical structure allows for efficient and scalable management of access permissions.
-
+
### Azure RBAC vs ABAC
diff --git a/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-phishing-primary-refresh-token-microsoft-entra.md b/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-phishing-primary-refresh-token-microsoft-entra.md
index db2a0c5be0..5bd02d1b58 100644
--- a/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-phishing-primary-refresh-token-microsoft-entra.md
+++ b/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-phishing-primary-refresh-token-microsoft-entra.md
@@ -46,11 +46,11 @@ The “upgrade” from normal refresh token to primary refresh token is not poss
If there is a policy that requires MFA to sign in, we can instead use the `interactiveauth` module:
-
+
The resulting refresh token (which is cached in the `.roadtools_auth` file) can be used to request a token for the device registration service, where we can create the device:
-
+
Now that we have a device identity, we can combine this with the same refresh token to obtain a PRT (both refresh tokens shortened for readability):
diff --git a/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-roadtx-authentication.md b/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-roadtx-authentication.md
index eb903a97f1..314c68d9ee 100644
--- a/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-roadtx-authentication.md
+++ b/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-roadtx-authentication.md
@@ -113,7 +113,7 @@ Tokens were written to .roadtools_auth
There’s also other options you can use to specify other resources or the correct redirect URL for the app you are using:
-
+
## Selenium based Azure AD authentication
diff --git a/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/azure-ad-connect-hybrid-identity/az-synchronising-new-users.md b/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/azure-ad-connect-hybrid-identity/az-synchronising-new-users.md
index 07ff5a9105..ef93eb291b 100644
--- a/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/azure-ad-connect-hybrid-identity/az-synchronising-new-users.md
+++ b/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/azure-ad-connect-hybrid-identity/az-synchronising-new-users.md
@@ -28,7 +28,7 @@ Get-MsolUser -SerachString admintest | select displayname, lastdirsynctime, prox
```
{% endcode %}
-
+
When a user like these is found in AzureAD, in order to **access it from the on-prem AD** you just need to **create a new account** with the **proxyAddress** the SMTP email:
diff --git a/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/azure-ad-connect-hybrid-identity/phs-password-hash-sync.md b/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/azure-ad-connect-hybrid-identity/phs-password-hash-sync.md
index 7a96be6baa..9082e3d1b3 100644
--- a/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/azure-ad-connect-hybrid-identity/phs-password-hash-sync.md
+++ b/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/azure-ad-connect-hybrid-identity/phs-password-hash-sync.md
@@ -43,7 +43,7 @@ The database is located in `C:\Program Files\Microsoft Azure AD Sync\Data\ADSync
It's possible to extract the configuration from one of the tables, being one encrypted:
-
+
The **encrypted configuration** is encrypted with **DPAPI** and it contains the **passwords of the `MSOL_*`** user in on-prem AD and the password of **Sync\_\*** in AzureAD. Therefore, compromising these it's possible to privesc to the AD and to AzureAD.
diff --git a/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/pass-the-prt.md b/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/pass-the-prt.md
index 52df54e500..46cb609f0f 100644
--- a/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/pass-the-prt.md
+++ b/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/pass-the-prt.md
@@ -286,7 +286,7 @@ roadtx browserprtauth
roadtx describe < .roadtools_auth
```
-
+
#### Option 3 - roadrecon using derived keys
diff --git a/pentesting-cloud/azure-security/az-services/az-automation-account/az-state-configuration-rce.md b/pentesting-cloud/azure-security/az-services/az-automation-account/az-state-configuration-rce.md
index 5aedc78e3b..fa6d8c4afa 100644
--- a/pentesting-cloud/azure-security/az-services/az-automation-account/az-state-configuration-rce.md
+++ b/pentesting-cloud/azure-security/az-services/az-automation-account/az-state-configuration-rce.md
@@ -72,7 +72,7 @@ RevPShell -Reverse 40.84.7.73 443
Now we’ll run our configuration file. I have mine setup to be published to the Desktop for a better visual, however it can be published just about anywhere. After a couple of minutes, we’ll see that the reverse-shell script has been published!
-
+
### Step 6 — Host Payload and Setup Listener
diff --git a/pentesting-cloud/azure-security/az-services/vms/az-azure-network.md b/pentesting-cloud/azure-security/az-services/vms/az-azure-network.md
index e62b87cae8..9596a84634 100644
--- a/pentesting-cloud/azure-security/az-services/vms/az-azure-network.md
+++ b/pentesting-cloud/azure-security/az-services/vms/az-azure-network.md
@@ -213,7 +213,7 @@ az network vnet subnet list --resource-group --vnet-name
+
**Service Endpoints:**
diff --git a/pentesting-cloud/gcp-pentesting/gcp-services/gcp-cloud-build-enum.md b/pentesting-cloud/gcp-pentesting/gcp-services/gcp-cloud-build-enum.md
index c9edb32cf2..7a83b7d3fc 100644
--- a/pentesting-cloud/gcp-pentesting/gcp-services/gcp-cloud-build-enum.md
+++ b/pentesting-cloud/gcp-pentesting/gcp-services/gcp-cloud-build-enum.md
@@ -52,7 +52,7 @@ The **Service Account has the `cloud-platform` scope**, so it can **use all the
By default no permissions are given but it's fairly easy to give it some:
-
+
### Approvals
@@ -70,7 +70,7 @@ Once a connection is generated, you can use it to **link repositories that the G
This option is available through the button:
-
+
{% hint style="success" %}
Note that repositories connected with this method are **only available in Triggers using 2nd generation.**
@@ -82,7 +82,7 @@ This is not the same as a **`connection`**. This allows **different** ways to ge
This option is available through the button:
-
+
### Storage
diff --git a/pentesting-cloud/gcp-security/gcp-basic-information.md b/pentesting-cloud/gcp-security/gcp-basic-information.md
index 0bf3604755..629141ee54 100644
--- a/pentesting-cloud/gcp-security/gcp-basic-information.md
+++ b/pentesting-cloud/gcp-security/gcp-basic-information.md
@@ -168,9 +168,9 @@ When an organisation is created several groups are **strongly suggested to be cr
* No expiration
* If people is accessing Workspace through a third party provider, these requirements aren't applied.
-
+
-
+
diff --git a/pentesting-cloud/gcp-security/gcp-services/gcp-cloud-sql.md b/pentesting-cloud/gcp-security/gcp-services/gcp-cloud-sql.md
new file mode 100644
index 0000000000..542bb7099e
--- /dev/null
+++ b/pentesting-cloud/gcp-security/gcp-services/gcp-cloud-sql.md
@@ -0,0 +1,79 @@
+# GCP - Cloud SQL
+
+
+
+Learn AWS hacking from zero to hero withhtARTE (HackTricks AWS Red Team Expert)!
+
+Other ways to support HackTricks:
+
+* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
+* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
+* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud)
+*
+*
+* github repos.
+
+
+
+## Basic Information
+
+Google Cloud SQL is a **fully-managed database** service that makes it easy to set up, maintain, manage, and administer your **relational databases** on Google Cloud Platform. It provides a way to work with familiar SQL databases (**MySQL, PostgreSQL, and SQL Server**) without having to handle the usual operational tasks such as hardware provisioning, database setup, patching, or backups.
+
+Key features of Google Cloud SQL include:
+
+1. **Fully Managed**: Google Cloud SQL is a fully-managed service, meaning that Google handles database maintenance tasks like patching, updates, backups, and configuration.
+2. **Scalability**: It provides the ability to scale your database's storage capacity and compute resources, often without downtime.
+3. **High Availability**: Offers high availability configurations, ensuring your database services are reliable and can withstand zone or instance failures.
+4. **Security**: Provides robust security features like data encryption, Identity and Access Management (IAM) controls, and network isolation using private IPs and VPC.
+5. **Backups and Recovery**: Supports automatic backups and point-in-time recovery, helping you safeguard and restore your data.
+6. **Integration**: Seamlessly integrates with other Google Cloud services, providing a comprehensive solution for building, deploying, and managing applications.
+7. **Performance**: Offers performance metrics and diagnostics to monitor, troubleshoot, and improve database performance.
+
+### Password
+
+In the web console Cloud SQL allows the user to **set** the **password** of the database, there also a generate feature, but most importantly, **MySQL** allows to **leave an empty password and all of them allows to set as password just the char "a":**
+
+
+
+It's also possible to configure a password policy requiring **length**, **complexity**, **disabling reuse** and **disabling username in password**. All are disabled by default.
+
+**SQL Server** can be configured with **Active Directory Authentication**.
+
+### Zone Availability
+
+The database can be **available in 1 zone or in multiple**, of course, it's recommended to have important databases in multiple zones.
+
+### Encryption
+
+By default a Google-managed encryption key is used, but it's also **possible to select a Customer-managed encryption key (CMEK)**.
+
+### Connections
+
+* **Private IP**: Indicate the VPC network and the database will get an private IP inside the network
+* **Public IP**: The database will get a public IP, but by default no-one will be able to connect
+ * **Authorized networks**: Indicate public **IP ranges that should be allowed** to connect to the database
+* **Private Path**: If the DB is connected in some VPC, it's possible to enable this option and give **other GCP services like BigQuery access over it**
+
+
+
+### Data Protection
+
+* **Daily backups**: Perform automatic daily backups and indicate the number of backups you want to maintain.
+* **Point-in-time recovery**: Allows you to recover data from a specific point in time, down to a fraction of a second.
+* **Deletion Protection**: If enabled, the DB won't be able to be deleted until this feature is disabled
+
+
+
+Learn AWS hacking from zero to hero withhtARTE (HackTricks AWS Red Team Expert)!
+
+Other ways to support HackTricks:
+
+* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
+* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
+* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
+* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
+
+
 (1) (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1).png)
 (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1).png)
 (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png)
 (1) (1) (1).png)
 (1) (1) (1) (1).png)
.png)
.png)
 (1).png)
 (1).png)
 (1).png)
 (1) (1).png)
 (1).png)