You're reading from Becoming the Hacker The Playbook for Getting Inside the Mind of the Attacker

Product type Paperback

Published in Jan 2019

Publisher Packt

ISBN-13 9781788627962

Length 404 pages

Edition 1st Edition

Tools

Kali Linux

Concepts

Web Penetration Testing

Author (1):

Adrian Pruteanu

View More author details

Table of Contents (17) Chapters

Preface

1. Introduction to Attacking Web Applications FREE CHAPTER

2. Efficient Discovery

3. Low-Hanging Fruit

4. Advanced Brute-forcing

5. File Inclusion Attacks

6. Out-of-Band Exploitation

7. Automated Testing

8. Bad Serialization

9. Practical Client-Side Attacks

10. Practical Server-Side Attacks

11. Attacking APIs

12. Attacking CMS

13. Breaking Containers

Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

Cloud infrastructure

When conducting assessments, it is common for an attacker to leverage command and control (C2) servers during a campaign. The purpose of most C2 servers is to issue commands to malware running inside the compromised environment.

Attackers can instruct malware to exfiltrate data, start a keylogger, execute arbitrary commands or shellcode, and much more. In later chapters, we will primarily use the cloud C2 server to exfiltrate data and to discover vulnerabilities out-of-band.

A C2 server, being accessible from anywhere, is versatile in any engagement. The cloud is the perfect location to host C2 infrastructure. It allows quick and programmable deployments that can be accessed from anywhere in the world. Some cloud providers will even support HTTPS, allowing for the quick spin up of a C2 without having to worry about purchasing and managing domains or certificates.

The popular choice for penetration testers is Amazon Web Services (AWS), a leader in the cloud space. Its services are fairly inexpensive and it offers an introductory free tier option.

Other viable cloud providers include the following:

Microsoft Azure: https://portal.azure.com
Google Cloud Platform: https://cloud.google.com
DigitalOcean: https://www.digitalocean.com
Linode: https://www.linode.com

Microsoft's Azure has a software as a service (SaaS) free tier feature that lets you deploy C2 automatically from a GitHub repository. It also provides HTTPS support out of the box, making it easier to hide C2 data from prying eyes and enabling it to blend in with normal user traffic.

Note

Always get permission (in writing!) from the cloud provider before conducting assessments using its infrastructure, even if it's something as simple as hosting a malicious JavaScript file on a temporary virtual machine.

Cloud internet service providers (ISPs) should have a form available for you to fill out that will detail an upcoming penetration test on their infrastructure. A testing window and contact information will likely need to be provided.

Whether we are using the cloud to house a C2 for an engagement or attacking applications hosted in the cloud, we should always notify the client of penetration testing - related activity.