Injection malicious formulas into exported CSV files
Steal AWS credentials via Server Side Request Forgery(SSRF) attacks.
Use SVG images to gain stored XSS via uploading an SVG image.
Open S3 buckets can be used to find sensitive data. Dont forgot about google cloud storage though.
RCE exposed kubernetes API
RCE exposed docker API
Hacking elastic search databases
OWASP top 10 – How to hack sites vulnerable to Xml External Entity attack.
Companies always want to use bleeding edge technology. With new technology comes new vulnerabilities.
Open source intelligence gather is an important skill set to have. Learn to how discover employees of an organization.