Technology
Deliberately vulnerable AWS, Azure cloud infrastructure is a pen tester’s playground – Black Hat USA
AWSGoat and AzureGoat tools showcased in Las Vegas this week.
Security pros from INE enjoyed a double billing at Black Hat USA on (August 10) as they showcased penetration testing tools AWSGoat and AzureGoat.
Amazon Web Services (AWS) and Microsoft Azure are two of the biggest names in cloud infrastructure, along with Google Cloud Platform (GCP).
With the cloud still a relatively new phenomenon, many developers are not fully aware of the threat landscape and can inadvertently deploy vulnerable cloud infrastructure.
Sometimes a simple misconfiguration or web app vulnerability is all an attacker needs to completely compromise an organization’s environment.
Preemptive attacks
Showcased during the Black Hat Arsenal sessions in Las Vegas this week, AWSGoat and AzureGoat are aimed at providing security enthusiasts and pen testers with an easy-to-deploy vulnerable infrastructure.
Here, they can learn how to enumerate cloud applications, identify vulnerabilities, and chain various attacks to compromise the AWS or Azure account.
The vulnerable-by-design infrastructure showcases the dangers of the OWASP Top 10 web application security threats.
AWSGoat also features misconfigurations based on services such as IAM, S3, API Gateway, Lambda, EC2, and ECS.
While the developers of AWSGoat said there were “numerous tools and vulnerable applications” available for AWS, this is not the case with Azure.
“AzureGoat is our attempt to shorten the gap,” the team from IT and security training firm INE said. “There are far fewer options available to the community.”
The user will be able to deploy AzureGoat on their Azure account using a pre-created Docker image and scripts. Once deployed, the AzureGoat can be used for target practice and be conveniently deleted later.
All the code and deployment scripts for both AWSGoat and AzureGoat have been made open source.
-
Technology2 years ago
VoIP Number: Everything You Need To Know
-
Music2 weeks ago
[Music] Gnash Ft Olivia O’Brien – I Hate you, I Love you
-
Music2 weeks ago
[INSTRUMENTAL] John Legend – All Of Me
-
Music2 weeks ago
Alan Walker – Faded [INSTRUMENTAL]
-
Music2 weeks ago
[Video] 21 Savage ft. Offset & Metro Boomin – Rap Saved Me
-
Music2 weeks ago
[Instrumental] Wiz Khalifa – See You Again ft. Charlie Puth
-
ANE Stories3 months ago
[STORY] AMAKA THE LESBIAN (Complete Episodes)
-
Music3 weeks ago
[Music] Akon – Sorry Blame It On Me