Section 12: Cloud Attacks Flashcards
Direct-To-Origin (D2O) Attack
Attempts to bypass a reverse proxy (such as a CDN or cloud WAF) by discovering the real IP address of the origin server and attacking it directly, so the proxy's filtering and DDoS protections never see the traffic
Account Takeover
An attacker gains control of a legitimate user's cloud account (for example through stolen or phished credentials or a hijacked session) and then quietly uses it to gain additional access within the organization or to pivot into partner organizations
Account takeovers are very hard to detect because the activity comes from a valid account rather than an obvious intrusion
Vertical vs Horizontal Privilege Escalation
Vertical
o User to admin/root account
Horizontal
o User to another user account
Cloud Object Storage
▪ Bucket
● Amazon Web Services (S3); objects are stored in buckets
▪ Blob
● Microsoft Azure (Blob Storage); blobs are stored in containers
▪ An object (or blob) is the equivalent of a file, and a bucket or container is the equivalent of a folder
▪ Object ACLs
● Per-object (or per-bucket) permissions; a grant to the AllUsers or AuthenticatedUsers group makes the data readable, or even writable, by anyone and is a common cause of cloud data exposure
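Checking object ACLs for public grants, as an added example that is not part of the original flashcards: the grant layout follows the AWS S3 ACL format (the shape boto3's get_bucket_acl / get_object_acl return), but the ACLs, bucket names and object names below are constructed inline so the script runs offline without an AWS account.

```python
"""Flag cloud object-storage ACL grants that expose data publicly.

Added example, not from the original flashcards. The grant layout follows the
AWS S3 ACL format (as returned by boto3's get_bucket_acl / get_object_acl), but
the ACLs below are constructed inline so this runs offline with no AWS account.
"""

# Group grantee URIs that AWS defines for "everyone" and "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

# Write-class permissions let an outsider alter data or the ACL itself.
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def public_grants(acl):
    """Return (group, permission) pairs that grant access to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # canonical-user grants are scoped to a single account
        group = PUBLIC_GROUPS.get(grantee.get("URI"))
        if group:  # other groups (e.g. s3/LogDelivery) are AWS services, not public
            findings.append((group, grant.get("Permission")))
    return findings


def severity(findings):
    """Rate the worst public grant: HIGH if writable, MEDIUM if readable."""
    if any(perm in WRITE_PERMS for _, perm in findings):
        return "HIGH"
    if findings:
        return "MEDIUM"
    return "OK"


def audit(acls):
    """Map each bucket/object name to (severity, public grants)."""
    report = {}
    for name, acl in acls.items():
        findings = public_grants(acl)
        report[name] = (severity(findings), findings)
    return report


# Constructed sample ACLs with hypothetical bucket and object names.
SAMPLE_ACLS = {
    "backups-bucket": {
        "Owner": {"ID": "owner-canonical-id"},
        "Grants": [
            {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
             "Permission": "FULL_CONTROL"},
        ],
    },
    "marketing/report.pdf": {
        "Owner": {"ID": "owner-canonical-id"},
        "Grants": [
            {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
             "Permission": "FULL_CONTROL"},
            {"Grantee": {"Type": "Group",
                         "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
             "Permission": "READ"},
        ],
    },
    "uploads-bucket": {
        "Owner": {"ID": "owner-canonical-id"},
        "Grants": [
            {"Grantee": {"Type": "Group",
                         "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
             "Permission": "WRITE"},
            {"Grantee": {"Type": "Group",
                         "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
             "Permission": "WRITE"},
        ],
    },
}

if __name__ == "__main__":
    for name, (level, grants) in audit(SAMPLE_ACLS).items():
        print(f"{level:6} {name}: {grants}")
```

The same logic applies to a live account by feeding the dict returned by boto3's get_bucket_acl or get_object_acl straight into public_grants; note that AuthenticatedUsers is not "our users", it is any AWS account in the world, which is why it is treated the same as AllUsers here.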
Software Development Kit (SDK)
A package of tools dedicated to a specific programming language or platform commonly used by developers when creating apps
▪ SDKs can contain vulnerabilities if the author who built those functions didn't do a good job; because every app built on the SDK inherits the flaw, this is a software supply-chain risk, so SDKs should be kept patched and pinned to known-good versions
ScoutSuite
An open-source tool written in Python that audits instances and policies on multi-cloud platforms (AWS, Azure, GCP, and others) by collecting configuration data through the providers' APIs and presenting findings in an HTML report
Prowler
An open-source security tool used for security best-practice assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness for AWS cloud services
Prowler is a command-line tool that can create a report in HTML, CSV, and JSON formats
Pacu
An exploitation/post-exploitation framework used to assess the security configuration of an Amazon Web Services (AWS) account
Similar to Metasploit, with modules for enumeration, privilege escalation, and persistence that run using a set of compromised AWS credentials
CloudBrute
Used to find a target's infrastructure, files, and apps across the top cloud service providers, including Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, and Linode, by brute-forcing likely storage and service names
Cloud Custodian
▪ An open-source cloud security, governance, and management tool designed to help admins create policies (written in YAML) based on different resource types
▪ Cloud Custodian is a stateless rules engine used to manage AWS environments (with Azure and GCP also supported) by validating the environment against set standards and enforcing them through actions such as tagging, notifying, or remediating non-compliant resources
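A minimal Cloud Custodian policy, as an added example that is not from the original flashcards or the Cloud Custodian project docs: it uses the real `global-grants` filter and `delete-global-grants` action of the `aws.s3` resource to find buckets whose ACL grants access to AllUsers or AuthenticatedUsers and strip those grants. The policy name and the output directory used in the usage note are assumptions.

```yaml
# Added example policy (not the project's own). Run with:
#   custodian run -s out s3-public-acl.yml
# Use `custodian run --dryrun -s out s3-public-acl.yml` first to list matches
# without changing any ACLs.
policies:
  - name: s3-remove-public-acl-grants
    resource: aws.s3
    description: |
      Find buckets whose ACL grants access to the AllUsers or
      AuthenticatedUsers groups and remove those grants.
    filters:
      - type: global-grants
    actions:
      - type: delete-global-grants
```

Because Cloud Custodian is stateless, each run re-evaluates every bucket from the live API and enforces the standard again, so the policy can be scheduled (for example as a Lambda or cron job) to keep drift from re-exposing data.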