Leaky Bucket: Full Attack Chain Against Public S3-Compatible Buckets in Yandex Cloud
Disclosure

A lightweight proof-of-concept (PoC) tool was developed by hackteam.red for internal red teaming and authorized penetration testing. The PoC will not be released publicly, but it is actively used to assess Yandex Cloud Object Storage configurations for clients who explicitly permit such testing.

Overview

Yandex Cloud provides an S3-compatible Object Storage service that lets customers host static websites on public endpoints of the form http://.website.yandexcloud.net (the bucket name is the host prefix before .website.yandexcloud.net). While this is a convenient feature for developers and enterprises, a misconfigured bucket policy or an overlooked public ACL can expose sensitive technical documentation, internal architecture details, or, in the worst case, source code and configuration files to anyone on the internet. ...
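To make the exposure classes concrete, here is an added example of how a practitioner can triage a single bucket from outside, without credentials. This is illustrative code written for this page; it is not hackteam.red's PoC and does not reproduce it. It assumes the publicly documented Yandex Cloud endpoints (https://storage.yandexcloud.net/BUCKET for the S3 API and BUCKET.website.yandexcloud.net for static hosting); the bucket name on the command line and the sample XML listing are constructed placeholders. An anonymous GET on the bucket root that returns an S3 ListBucketResult means the bucket is publicly listable, which is the case that usually leads to the document and config leaks described above.

```python
"""Triage a Yandex Cloud Object Storage bucket for anonymous exposure.

Added example, not part of the original post. Endpoint layout is an
assumption based on Yandex Cloud's public documentation; the bucket name
and the sample listing below are constructed for illustration.
"""
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

S3_ENDPOINT = "https://storage.yandexcloud.net"      # assumed S3 API host
WEBSITE_SUFFIX = ".website.yandexcloud.net"           # assumed static-site host suffix
S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"  # namespace used in S3 XML responses


def parse_listing(xml_bytes):
    """Return the object keys from an S3 ListBucket response.

    Returns an empty list when the body is not a ListBucketResult document,
    e.g. an HTML index page or an AccessDenied error.
    """
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return []
    if root.tag != S3_NS + "ListBucketResult":
        return []
    keys = []
    for contents in root.iter(S3_NS + "Contents"):
        key = contents.findtext(S3_NS + "Key")
        if key:
            keys.append(key)
    return keys


def classify(status, body):
    """Map the result of an anonymous GET on the bucket root to an exposure class."""
    if status == 200 and parse_listing(body):
        return "public-listing"        # every object name is enumerable without auth
    if status == 200:
        return "public-read"           # something was served (e.g. index page), no listing
    if status == 403:
        return "no-anonymous-access"   # bucket exists but rejects unauthenticated reads
    if status == 404:
        return "no-such-bucket"
    return "unknown"


def fetch(url):
    """Anonymous GET; HTTP errors are returned as (status, body) rather than raised."""
    req = urllib.request.Request(url, headers={"User-Agent": "bucket-triage/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def check_bucket(name):
    """Check both the S3 endpoint and the website endpoint for a bucket name."""
    s3_status, s3_body = fetch(f"{S3_ENDPOINT}/{name}/")
    web_status, _ = fetch(f"http://{name}{WEBSITE_SUFFIX}/")
    return {
        "s3": classify(s3_status, s3_body),
        "website_http_status": web_status,
        "sample_keys": parse_listing(s3_body)[:20],
    }


# Constructed sample of a ListBucket response, used for offline checks.
SAMPLE_LISTING = b"""<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>example-bucket</Name>
  <Contents><Key>docs/architecture.pdf</Key></Contents>
  <Contents><Key>config/app.yaml</Key></Contents>
</ListBucketResult>"""


if __name__ == "__main__":
    # Usage: python bucket_triage.py example-bucket   (hypothetical bucket name)
    if len(sys.argv) != 2:
        print(f"offline sample: {classify(200, SAMPLE_LISTING)} "
              f"{parse_listing(SAMPLE_LISTING)}")
    else:
        print(check_bucket(sys.argv[1]))
```

Only run check_bucket against buckets you are authorized to test; an anonymous GET on the bucket root is the same request a search engine or casual visitor would make, so a "public-listing" result means the contents are already discoverable. A "public-read" result still warrants a follow-up: objects may be fetchable by name even when listing is disabled, so any keys that appear in HTML, JavaScript or documentation should be checked individually.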