Cloud Storage

Working with various cloud providers such as Google Cloud Platform (GCP), Microsoft Azure, or Amazon Web Services (AWS) can be complex, primarily because, from a legal point of view, cloud usage is dealt with on a cross-border basis. If personal data is collected, processed, or used in the cloud, the protection of that data must be guaranteed under data protection regulations. The defining characteristic of the cloud is the transfer of data from the user to the cloud provider. When data is transferred from the user to the cloud provider, the user relinquishes responsibility under data protection law and transfers it entirely to the cloud provider. The user thus also fundamentally loses the ability to influence how the data they transmitted is handled. However, at the civil law level in Europe, a different distribution of liability is also possible with appropriate contract design, namely a (partial) retention of liability by the user.

![[infra-cloud.png]]

After all, the cloud servers are not always located in the same country as we are. Therefore, other regulations and laws apply in the respective country, and these may conflict with ours. This is important to understand as we are still in the passive information gathering process and therefore may not actively interact with and scan the target company.

We can now resolve the domains found into IP addresses and compare them to the netblocks for these three cloud providers. If we find any IP addresses within these IP ranges, we can assume that the host is run by a cloud provider. For us, the most critical component in the corporate use of a cloud provider is open cloud storage, because if it has been misconfigured, it is publicly accessible and viewable. Some of these cloud storage types include, but are not limited to:

Open Cloud Storage:

- Google Storage Bucket
- Block Blob
- S3 Buckets
- Spaces

We can also automate this process with the tool ip2provider.py, which automatically compares the IP addresses with the netblocks and shows which of them match.
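
The netblock comparison described above, as an added example (it is not code from this page and not the source of ip2provider.py). The netblocks are constructed placeholders taken from the RFC 5737/3849 documentation ranges and the hostnames are hypothetical; real ranges have to be loaded from the lists each provider publishes for its own address space.

```python
import ipaddress

# Constructed placeholder netblocks (documentation ranges, not real provider space).
# Assumption: in practice these are loaded from each provider's published ranges.
PROVIDER_NETBLOCKS = {
    "AWS": ["192.0.2.0/24", "2001:db8:a::/48"],
    "Azure": ["198.51.100.0/25"],
    "GCP": ["203.0.113.0/24", "198.51.100.128/25"],
}


def build_index(netblocks):
    """Parse CIDR strings once into (network, provider) pairs."""
    index = [
        (ipaddress.ip_network(cidr, strict=True), provider)
        for provider, cidrs in netblocks.items()
        for cidr in cidrs
    ]
    # Most specific prefix first, so overlapping ranges resolve deterministically.
    return sorted(index, key=lambda item: item[0].prefixlen, reverse=True)


def classify_ip(ip_text, index):
    """Return the provider whose netblock contains ip_text, or None."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None  # not an IP address, e.g. a name that did not resolve
    for network, provider in index:
        if ip.version == network.version and ip in network:
            return provider
    return None


def classify_hosts(resolved, index):
    """Map each hostname to the sorted list of providers hosting its addresses."""
    report = {}
    for host, addresses in resolved.items():
        providers = {classify_ip(address, index) for address in addresses}
        report[host] = sorted(providers - {None})
    return report


# Constructed sample: hostnames that have already been resolved to addresses.
SAMPLE = {
    "www.example.test": ["192.0.2.10", "2001:db8:a::1"],
    "files.example.test": ["203.0.113.77", "198.51.100.20"],
    "mail.example.test": ["10.0.0.5", "not-an-ip"],
}
```

Calling `classify_hosts(SAMPLE, build_index(PROVIDER_NETBLOCKS))` returns a per-host list of matching providers. An empty list means none of the host's addresses fell inside a listed netblock.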
