API-based Resource Listing

API-based Resource Listing is a critical sub-technique within the Expanding Control phase, specifically under Cloud Service Discovery, where attackers leverage cloud service provider APIs to enumerate available resources, services, and configurations across a target environment. After gaining initial access to cloud infrastructure, adversaries utilize authenticated API calls through command-line interfaces (CLIs), software development kits (SDKs), or direct REST API requests to methodically discover assets across multiple cloud services. This discovery process typically involves querying management APIs with compromised credentials to identify resources such as virtual machines, storage accounts, databases, serverless functions, and network configurations that could be exploited for privilege escalation or lateral movement. The technique's power lies in its ability to operate within legitimate protocols and authenticated channels, making it difficult to distinguish from normal administrative activities without sophisticated behavioral analysis and properly implemented least-privilege access controls.