Almost no one outside of cloud-heavy CI/CD has heard of it, but professionals running a lot of cloud and container (Kubernetes) workloads, especially in DevOps-heavy organizations, rely on it regularly because it provides insight into cloud-specific attack vectors that traditional security tools often overlook. It’s no secret that poor configuration of cloud resources is a leading cause of breaches, and Stratus helps narrow the focus by targeting these misconfigurations directly.
Use case: Simulate the behavior of adversaries targeting Amazon EKS clusters, specifically technique T1543.003 (Create or Modify System Process: Kubernetes). This technique involves exploiting a bug in EKS clusters to gain unauthorized access or escalate privileges by modifying or creating Kubernetes pods; it was contributed by community user Dakota Riley.
GD-Thief
Ever been lost in the maze of Google Drive, overwhelmed by endless files, folders, and subfolders, wishing you could just “ls -l” them all? Enter GD-Thief, an open-source tool that lists and pulls publicly accessible files from Google Drive. Great for retrieval and situational awareness (SA) on documents, spreadsheets, or other sensitive data left on shared drives.
For cloud OSINT, Google Drive is a repository of information, if you can find it. While tools like SpiderFoot provide broad OSINT capabilities, GD-Thief gives pentesters a focused way to examine specific cloud storage assets.
Use case: Use GD-Thief to collect publicly accessible files that may reveal information or internal documents, which may lead to further exploitation.
DVWA (Damn Vulnerable Web Application)
DVWA is an intentionally vulnerable web application designed to provide a safe environment for security professionals and aspiring hackers to practice and refine their web application penetration testing skills. It has multiple security levels (low, medium, high, and impossible) to help users exercise a wide range of skills, including SQL injection, cross-site scripting (XSS), file inclusion, and command injection.
Although widely known from boot camps and training classes, DVWA is often overlooked by more experienced pentesters who turn to more sophisticated tools. However, it remains an ideal platform for testing and refining skills, from script kiddies to advanced operators. DVWA is also self-hosted, which reduces the chance that you will scan or probe something you are not allowed to touch (bug bounty programs and VDPs, anyone?). Any hypervisor can provide the isolated resources needed to host it.
Use case: Pentesters can practice exploiting CVE-2018-6574 (Remote Code Execution via improper installation validation). In DVWA’s Command Injection module, you can inject shell commands by entering them into a form field whose value the application passes to a system command. This exercise helps pentesters better understand the techniques attackers use to gain remote control over web servers.
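As an added illustration (not code from DVWA itself), the pattern the Command Injection module exercises: a form value concatenated straight into a shell command, beside a hardened handler that validates and quotes the input before the shell ever sees it. Function names and the ping invocation are assumptions, and a Linux host is assumed for the `-c` flag.

```php
<?php
// Vulnerable handler (the "low" style): the form value is concatenated
// directly into the command string, so shell metacharacters in $target
// (";", "|", "&&", backticks, "$(...)") are interpreted by the shell.
function ping_low(string $target): string
{
    $out = shell_exec("ping -c 2 " . $target);
    return is_string($out) ? $out : '';
}

// Allowlist validator: accept only a syntactically valid IPv4/IPv6 address.
// This is the check to unit-test; it never touches the shell or the network.
function is_safe_target(string $target): bool
{
    return filter_var($target, FILTER_VALIDATE_IP) !== false;
}

// Hardened handler: reject anything that is not an IP address, then pass the
// value as a single quoted argument so the shell cannot split or chain it.
function ping_hardened(string $target): ?string
{
    if (!is_safe_target($target)) {
        return null; // rejected before any command is built
    }
    $out = shell_exec("ping -c 2 " . escapeshellarg($target));
    return is_string($out) ? $out : '';
}

// Constructed inputs: a TEST-NET-1 address and the same address with a
// shell separator appended (what the "low" handler would hand to the shell).
var_dump(is_safe_target("192.0.2.10"));         // bool(true)
var_dump(is_safe_target("192.0.2.10; extra"));  // bool(false)
var_dump(ping_hardened("192.0.2.10; extra"));   // NULL: nothing executed
```

The "medium" and "high" DVWA levels blacklist a few separators instead of allowlisting the value; the validator above shows why rejecting everything that is not an address is the simpler and more robust rule.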
Hackazon
Hackazon is another deliberately vulnerable web application, designed to simulate a real-world e-commerce site built with modern web technologies. Developed by Rapid7, it provides a virtual environment for security professionals to assess vulnerabilities commonly found in dynamic web applications, including RESTful API misconfigurations, SQL injection, XSS, and client-side vulnerabilities. Hackazon is great for simulating the complexity of the modern web applications organizations use today.
Hackazon is also a full-fledged, dynamic e-commerce site with a variety of modern vulnerabilities not always found on other training sites, but it is often overshadowed by DVWA and other vulnerable web applications because of its more involved setup. If you’re looking to develop API and client-side testing skills, though, it’s a good place to start.
Use case: Hackazon can be used to test the SQL injection vulnerability (CVE-2019-12384) by targeting the application’s product search feature. Pentesters can submit malicious SQL queries through the search form to retrieve sensitive customer data such as payment information. Its API integration also makes it an ideal platform for API-focused testing of broken authorization and missing input validation.