Learn practical approaches for scanning and exploiting exposed cloud resources in this 26-minute conference talk from fwd:cloudsec. Discover newly developed methodologies for identifying misconfigured public cloud services across AWS and Azure platforms, including queues, notification channels, managed identity providers, and storage solutions. Explore techniques for detecting erroneously exposed services, external scanning methods, and potential exploitation scenarios. Gain insights into real-world statistics about exposed cloud services found across the internet, along with detailed examinations of finding S3 buckets, SAS tokens, and GitHub secrets. Master the skills needed to effectively scan and map organizational cloud exposure while identifying misconfigurations and vulnerabilities at scale.