9E: Cloud-Based Attacks Flashcards
3.4 Given a scenario, research attack vectors and perform attacks on cloud technologies.
In this attack, a malicious actor injects malicious code into an application. Common attacks include SQL injection (SQLi) and cross-site scripting (XSS). In addition, the service can fall victim to a wrapper attack, which wraps and conceals malicious code in order to bypass standard security methods.
Malware Injection Attack
Also called a sidebar or implementation attack, this exploit is possible because of the shared nature of the cloud infrastructure, especially in a PaaS model. In this attack, the hardware leaks sensitive information, such as cryptographic keys, via a covert channel to a potential attacker.
Side-Channel Attack
Many organizations seek to reduce the threat of a DDoS attack by using methods such as reverse proxies in front of the web servers. This insulates the servers from a possible attack as the malicious actor is unable to penetrate the defenses. However, in a D2O attack, malicious actors circumvent this protection by identifying the origin network or IP address, and then launching a direct attack.
Direct-to-origin Attacks (D2O)
An open-source tool written in Python that can be used to audit instances and policies created on multicloud platforms, such as AWS, Microsoft Azure, and Google Cloud.
ScoutSuite
An audit tool for use with Amazon Web Services only.
Prowler
This tool is designed as an exploitation framework to assess the security configuration of an AWS account.
Pacu
An open-source cloud security, governance, and management tool designed to help the administrator create policies based on resource types.
Cloud Custodian