Technology
Deliberately vulnerable AWS, Azure cloud infrastructure is a pen tester’s playground – Black Hat USA
AWSGoat and AzureGoat tools showcased in Las Vegas this week.
Security pros from INE enjoyed a double billing at Black Hat USA on (August 10) as they showcased penetration testing tools AWSGoat and AzureGoat.
Amazon Web Services (AWS) and Microsoft Azure are two of the biggest names in cloud infrastructure, along with Google Cloud Platform (GCP).
With the cloud still a relatively new phenomenon, many developers are not fully aware of the threat landscape and can inadvertently deploy vulnerable cloud infrastructure.
Sometimes a simple misconfiguration or web app vulnerability is all an attacker needs to completely compromise an organization’s environment.
Preemptive attacks
Showcased during the Black Hat Arsenal sessions in Las Vegas this week, AWSGoat and AzureGoat are aimed at providing security enthusiasts and pen testers with an easy-to-deploy vulnerable infrastructure.
Here, they can learn how to enumerate cloud applications, identify vulnerabilities, and chain various attacks to compromise the AWS or Azure account.
The vulnerable-by-design infrastructure showcases the dangers of the OWASP Top 10 web application security threats.
AWSGoat also features misconfigurations based on services such as IAM, S3, API Gateway, Lambda, EC2, and ECS.
While the developers of AWSGoat said there were “numerous tools and vulnerable applications” available for AWS, this is not the case with Azure.
“AzureGoat is our attempt to shorten the gap,” the team from IT and security training firm INE said. “There are far fewer options available to the community.”
The user will be able to deploy AzureGoat on their Azure account using a pre-created Docker image and scripts. Once deployed, the AzureGoat can be used for target practice and be conveniently deleted later.
All the code and deployment scripts for both AWSGoat and AzureGoat have been made open source.
-
Technology2 years ago
VoIP Number: Everything You Need To Know
-
Music2 months ago
[Music] Gnash Ft Olivia O’Brien – I Hate you, I Love you
-
Music1 month ago
[INSTRUMENTAL] John Legend – All Of Me
-
Music2 months ago
Alan Walker – Faded [INSTRUMENTAL]
-
Music1 month ago
[Video] 21 Savage ft. Offset & Metro Boomin – Rap Saved Me
-
Music2 months ago
[Instrumental] Wiz Khalifa – See You Again ft. Charlie Puth
-
ANE Stories4 months ago
[STORY] AMAKA THE LESBIAN (Complete Episodes)
-
Music2 months ago
[Music] Akon – Sorry Blame It On Me