Almost nobody outside heavy cloud CI/CD work has heard of it, but the professionals running cloud-native and containerized workloads (Kubernetes), especially in DevOps-heavy organizations, rely on it regularly because it gives insight into cloud-specific attack vectors that traditional security tools often miss. It is no secret that misconfigurations in cloud resources are a leading cause of breaches, and Stratus helps narrow the focus by targeting exactly those weaknesses.
Use case: Simulate adversary behavior against Amazon EKS clusters, mapped to ATT&CK T1543.005 (Create or Modify System Process: Container Service); note that T1543.003, often cited here, is the Windows Service sub-technique and does not apply to Kubernetes. The technique abuses misconfigurations in EKS clusters to gain unauthorized access or escalate privileges by creating or modifying Kubernetes pods, for example a pod that runs privileged, shares the host PID namespace, or mounts the node's filesystem. It was contributed by community user Dakota Riley.
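The pods such a simulation creates are easy to spot if you know which spec fields to look at. The following triage routine is an added example for this article, not Stratus Red Team code; it inspects pod objects as plain dicts (the shape `kubectl get pods -A -o json` returns under `.items`), and the two manifests it ships with are constructed for the example.

```python
"""Triage Kubernetes pod specs for the privileged-pod and host-mount patterns
an EKS privilege-escalation simulation creates.

Added example, not Stratus Red Team code. Works on pod objects as plain dicts;
SUSPICIOUS_POD and BENIGN_POD below are constructed sample manifests.
"""
from typing import Any

# Linux capabilities that let a container reach the node or other containers.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN"}


def escalation_indicators(pod: dict[str, Any]) -> list[str]:
    """Return human-readable findings for one pod; an empty list means clean."""
    spec = pod.get("spec") or {}
    findings: list[str] = []

    # Host namespace sharing: processes, network stack, IPC of the node.
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            findings.append(f"spec.{flag}=true")

    # hostPath volumes expose the node filesystem (often "/" in escalation pods).
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            path = vol["hostPath"].get("path", "?")
            findings.append(f"hostPath volume {vol.get('name')} -> {path}")

    # Per-container security context, including init containers.
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        sc = c.get("securityContext") or {}
        name = c.get("name", "?")
        if sc.get("privileged"):
            findings.append(f"container {name}: privileged=true")
        if sc.get("allowPrivilegeEscalation"):
            findings.append(f"container {name}: allowPrivilegeEscalation=true")
        added = set((sc.get("capabilities") or {}).get("add") or [])
        if added & DANGEROUS_CAPS:
            findings.append(f"container {name}: adds {sorted(added & DANGEROUS_CAPS)}")
    return findings


def triage(pods: list[dict[str, Any]]) -> dict[str, list[str]]:
    """Map namespace/name -> findings for every pod with at least one finding."""
    flagged: dict[str, list[str]] = {}
    for pod in pods:
        meta = pod.get("metadata") or {}
        key = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        hits = escalation_indicators(pod)
        if hits:
            flagged[key] = hits
    return flagged


# Constructed: the shape of a pod an attacker drops to reach the EKS node.
SUSPICIOUS_POD = {
    "metadata": {"name": "debug-shell", "namespace": "default"},
    "spec": {
        "hostPID": True,
        "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
        "containers": [{
            "name": "shell",
            "image": "alpine",
            "command": ["sleep", "infinity"],
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "root", "mountPath": "/host"}],
        }],
    },
}

# Constructed: an ordinary workload that should produce no findings.
BENIGN_POD = {
    "metadata": {"name": "web", "namespace": "shop"},
    "spec": {"containers": [{"name": "nginx", "image": "nginx:1.25"}]},
}

if __name__ == "__main__":
    for key, hits in triage([SUSPICIOUS_POD, BENIGN_POD]).items():
        print(key)
        for hit in hits:
            print("  -", hit)
```

Feed it the `items` array from a cluster-wide pod listing to get a quick post-simulation report; the same field checks are what a Pod Security Admission `restricted` profile or a policy engine would reject at admission time, which is the control the simulation is meant to exercise.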
GD-Thief
Ever been lost in the maze of Google Drive, overwhelmed by endless files, folders, and subfolders, wishing you could just "ls -l" all of them? Enter GD-Thief. It is an open-source red-team tool that enumerates and exfiltrates files from a Google Drive account the operator has access to, via the Google Drive API, including files shared with that account and files in shared drives. It is well suited to discovery and situational awareness over documents, spreadsheets, and other sensitive data left in shared drives.
For cloud reconnaissance, Google Drive is a treasure trove of information, if you can reach it. While tools like SpiderFoot provide broader OSINT capabilities, GD-Thief gives pentesters a targeted way to enumerate one specific cloud storage asset once an account or OAuth token is in hand.
Use case: With a compromised or assessment-provided account, use GD-Thief to pull files that could reveal credentials or internal documents, potentially leading to further exploitation. Because it works through the account's own Drive API access, keep it within the engagement's authorized scope and expect the file reads to appear in the Workspace Drive audit log.
DVWA (Damn Vulnerable Web Application)
DVWA is a deliberately vulnerable web application designed to give security professionals and aspiring pentesters a safe place to practice and refine web application penetration testing skills. Each module has several security levels (low, medium, high, and impossible), so users can work through a range of skills including SQL injection, cross-site scripting (XSS), file inclusion, and command injection.
While widely known from boot camps and training classes, DVWA is often overlooked by more experienced pentesters who move on to more complex targets. It remains a relevant platform for testing and refining skills, from beginners to advanced operators. DVWA can also be self-hosted, reducing the risk that you scope creep or test something you are not permitted to touch (bug bounty programs and VDPs, anyone?). Any hypervisor or container runtime can partition the resources needed to host it.
Use case: Pentesters can practice OS command injection in DVWA's "Command Injection" module, where a form field meant for an IP address is concatenated into a shell command. At the low level, appending a separator and a second command (for example 127.0.0.1; id) turns the ping utility into remote command execution; the medium and high levels strip a short blacklist of characters and can still be bypassed with separators the list misses. The flaw is intentional and carries no CVE. The exercise helps pentesters understand how attackers gain remote control over web servers and why input blacklists are not a fix.
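To make the three stages of that exercise concrete, here is the vulnerable pattern, a medium-style blacklist, and a hardened version side by side. This is an added example for this article, written in Python rather than DVWA's PHP and not code from the DVWA project; `echo` stands in for `ping` so it runs offline, and it assumes a POSIX shell with `id` available.

```python
"""Command injection as exercised in DVWA's Command Injection module.

Added example, not DVWA code. Python stands in for PHP and `echo` stands in
for `ping -c 4` so the demo runs offline; assumes a POSIX shell with `id`.
"""
import re
import subprocess


def ping_vulnerable(target: str) -> str:
    """Low level: the form value is concatenated into a shell command string,
    so `127.0.0.1; id` runs `id` on the web server."""
    cmd = f"echo pinging {target}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def ping_blacklisted(target: str) -> str:
    """Medium-style mitigation: strip a couple of separators, then still hand
    the string to a shell. `127.0.0.1 | id` sails straight through."""
    for bad in ("&&", ";"):
        target = target.replace(bad, "")
    cmd = f"echo pinging {target}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Allow-list: exactly four dotted decimal octets in 0-255, nothing else.
IPV4 = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")


def ping_hardened(target: str) -> str:
    """Validate against an allow-list and pass the value as its own argv
    element; no shell is involved, so there is nothing to inject into."""
    if not IPV4.fullmatch(target):
        raise ValueError(f"not an IPv4 address: {target!r}")
    return subprocess.run(["echo", "pinging", target], capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "127.0.0.1; id"
    print("vulnerable :", ping_vulnerable(payload).strip().replace("\n", " | "))
    print("blacklisted:", ping_blacklisted("127.0.0.1 | id").strip().replace("\n", " | "))
    try:
        ping_hardened(payload)
    except ValueError as exc:
        print("hardened   : rejected,", exc)
```

The lesson the three functions carry is the one DVWA's levels are built to teach: a blacklist only blocks the payloads its author thought of, while an allow-list plus an argv list removes the shell from the path entirely.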
Hackazon
Hackazon is another vulnerable web application, designed to simulate a real-world e-commerce site built on modern web technologies. Developed by Rapid7, it gives security professionals a realistic environment for testing vulnerabilities commonly found in dynamic web applications, including RESTful API misconfigurations, SQL injection, XSS, and client-side flaws. Hackazon is excellent for mimicking the complexity of the web apps organizations run today.
Hackazon replicates a full dynamic shopping site with a variety of modern vulnerabilities not always found in other training environments, but it is often overshadowed by DVWA and similar apps because of its more involved setup. If you want to build up API and client-side skills, it is a great place to start.
Use case: Hackazon can be used to test for SQL injection by targeting the application's product search feature. Pentesters can inject SQL through the search form to pull sensitive customer data such as payment details out of other tables; as with DVWA, the flaw is intentional and has no CVE. The included REST API also makes it a good platform for API testing, including improper authorization and missing input validation.
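What that search-form injection looks like against a query, and why a parameterized query defeats it, is shown below. This is an added example for this article, not Hackazon's own code: the search is modelled in Python over an in-memory SQLite database, and the schema, rows and payload are constructed (the card number is a well-known test number, not real data).

```python
"""Vulnerable vs parameterized product search, modelled on an e-commerce
search feature like Hackazon's.

Added example, not Hackazon code. The schema and rows are constructed;
4111111111111111 is a standard test card number.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory shop with a products table and a payment table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL);
        CREATE TABLE payment_cards (id INTEGER, card_number TEXT, cvv TEXT);
        INSERT INTO products VALUES (1, 'Bluetooth Speaker', 39.99),
                                    (2, 'Laptop Bag', 24.50);
        INSERT INTO payment_cards VALUES (1, '4111111111111111', '123');
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list[tuple]:
    """The search term is interpolated straight into the SQL text, so a term
    containing a quote closes the string and the rest is parsed as SQL."""
    sql = f"SELECT id, name, price FROM products WHERE name LIKE '%{term}%'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn: sqlite3.Connection, term: str) -> list[tuple]:
    """The term travels as a bound parameter; the engine never parses it as SQL."""
    sql = "SELECT id, name, price FROM products WHERE name LIKE ?"
    return conn.execute(sql, (f"%{term}%",)).fetchall()


# Closes the LIKE string, UNIONs a same-width select from the payment table,
# and comments out the trailing %' the application appends.
UNION_PAYLOAD = "x%' UNION SELECT id, card_number, cvv FROM payment_cards --"


if __name__ == "__main__":
    conn = make_db()
    print("normal search   :", search_vulnerable(conn, "speaker"))
    print("vulnerable+UNION:", search_vulnerable(conn, UNION_PAYLOAD))
    print("parameterized   :", search_parameterized(conn, UNION_PAYLOAD))
```

The UNION has to match the column count of the original select, which is why enumerating columns (ORDER BY n, or UNION SELECT NULL,NULL,...) is the first step in practice; against a parameterized search the same string is just an unusually long product name that matches nothing.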