11 Aug 2023

Cloud Assessments

Today’s digital world is unimaginable without cloud technology, which enables organisations to efficiently scale their IT resources, optimise business processes and increase productivity. However, as the presence of data and applications in the cloud increases, so does the risk of cyberattacks. In this article, we look at an important component of cloud cybersecurity – Cloud Assessments.

Fundamentals of Cloud Assessments

Cloud Assessments is a systematic process of analysing and assessing the security of cloud infrastructures and applications. These assessments identify vulnerabilities and potential risks associated with the use of cloud resources and develop appropriate remediation strategies.

Types of Cloud Assessments

Internal and External Assessments

Internal assessments are carried out by an organisation’s internal security teams. They include analysis of network settings, data access and the presence of unauthorised devices. External assessments are performed by independent experts and focus on identifying externally available vulnerabilities.

Architectural and Configuration Assessments

Architectural assessments analyse the overall structure of the cloud infrastructure, identifying potential vulnerabilities. Configuration assessments, in turn, focus on the security of specific resources, applications and services.

The Strategic Significance of Cloud Assessments

Proactive Defense: Detecting Threats Early

Cloud Assessments offer an invaluable advantage by facilitating early threat detection. By unearthing vulnerabilities before adversaries can exploit them, organizations can swiftly deploy countermeasures, reducing the potential impact of cyberattacks.

Regulatory Resilience: Navigating Compliance Complexities

In an era of stringent regulations, Cloud Assessments serve as a bulwark against non-compliance. By rigorously evaluating security practices and aligning them with industry standards and regulatory requirements, organizations uphold data privacy and cultivate customer trust.

Resource Optimization: Efficiency Beyond Security

Cloud Assessments transcend security concerns, also yielding optimization opportunities. By identifying underutilized resources, redundant deployments, and performance bottlenecks, organizations can optimize resource allocation, enhancing both security and operational efficiency.

Tools that can help with Cloud Assessments

• Lynis is an open source tool for auditing system security, including cloud environments. It performs configuration, vulnerability, and security advisory checks, and provides detailed security status reports.

Step-by-step how to install Lynis:

  • Clone the Lynis repository from GitHub using the git clone command:

    git clone https://github.com/CISOfy/lynis.git

  • Navigate to the Lynis directory:

    cd lynis

  • To use Lynis to analyse the cloud, install it on the cloud server and run:

    sudo lynis audit system

Lynis will begin analyzing your cloud environment and perform a security scan, identifying vulnerabilities and security breaches, and providing recommendations on how to fix them.

Example scanner result:

• CloudHunter is an open-source tool designed for identifying misconfigurations and security risks in cloud infrastructures. This particular version of CloudHunter, hosted on GitHub, is a fork of the original CloudHunter project by RedCloudInfo.

Step-by-step how to install CloudHunter:

  • Clone the CloudHunter repository:

    git clone https://github.com/belane/CloudHunter.git

  • Navigate to the CloudHunter directory:

    cd CloudHunter

  • Install the required Python packages:

    pip install -r requirements.txt

  • Configure CloudHunter: create and configure a config.ini file based on the provided config.ini.example.

  • Run CloudHunter:

    python cloudhunter.py

To open the tool manual, use:

    python cloudhunter.py -h

An example of how CloudHunter works:

• CloudEnum is a tool for detecting active subdomains and identifying information about cloud providers based on domain name.

Step-by-step how to install CloudEnum:

  • Navigate to the directory where you want to install CloudEnum and clone the repository:

    git clone https://github.com/initstring/cloud_enum.git

  • Navigate to the cloud_enum directory:

    cd cloud_enum

  • Install the required Python dependencies with pip:

    pip3 install -r requirements.txt

  • Now you can run CloudEnum:

    python3 cloud_enum.py -h

This will display the usage help, showing the available options and functionality of CloudEnum.

An example of how CloudEnum works:

• Prowler is an AWS (Amazon Web Services) security scanning tool that helps you automatically detect vulnerabilities and security breaches in your AWS configuration. It is developed in the Python programming language and offers a wide range of checks that can be performed in your AWS environment.

Step-by-step how to install Prowler:

  • Install Prowler by following the instructions on the GitHub repository page. You can clone the repository into your desired directory:

    git clone https://github.com/prowler-cloud/prowler.git

  • Navigate to the Prowler directory:

    cd prowler

  • Make sure your AWS CLI is configured with a valid Access Key and Region, or that the AWS environment variables are set (or an instance profile/role is in use):

    aws configure

The keys that matter are the first two; the region and output format can be left at their defaults. Now let us run Prowler.

We are scanning the AWS environment, so we launch:

    python prowler.py aws

Prowler offers various command-line options to customise the scan, including choosing the AWS region, enabling or disabling specific checks, and specifying output formats. You can explore additional settings and options by running Prowler with the -h flag:

    python3 prowler.py -h

More documentation on Prowler is available in the project repository.

• CloudSploit is an open-source project designed to allow detection of security risks in cloud infrastructure accounts, including: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), and GitHub. These scripts are designed to return a series of potential misconfigurations and security risks.

Step-by-step how to install CloudSploit:

  • Clone the CloudSploit repository from GitHub:

    git clone https://github.com/aquasecurity/cloudsploit.git

  • Change into the cloudsploit directory:

    cd cloudsploit

  • Install the required dependencies using npm:

    npm install

  • Run the index.js script with the -h option to display the available command-line options and help information:

    node index.js -h

Example of a scanner report:

You can use --csv=file.csv to output the report in .csv format.

• Barq is a post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure. It allows you to attack running EC2 instances without having the original instance SSH keypairs. It also allows you to perform enumeration and extraction of stored Secrets and Parameters in AWS.

Step-by-step how to install Barq:

  • Clone the repository by running the following command in your terminal:

    git clone https://github.com/Voulnet/barq

  • Change your directory to the “barq” folder:

    cd barq

  • Install the required dependencies:

    pip3 install -r requirements.txt

  • Once the installation is complete, you can open the manual for the “barq” tool with:

    python3 barq.py -h

Scan result:

• BlobHunter helps you identify Azure blob storage containers which store files that are publicly available to anyone with an internet connection.

Step-by-step how to install BlobHunter:

  • Clone the repository by running the following command in your terminal:

    git clone https://github.com/cyberark/blobhunter

  • Change your directory to the “blobhunter” folder:

    cd blobhunter

  • Install the required dependencies:

    pip install -r requirements.txt

Scan result:

• CloudBrute is a tool to find a company’s (target’s) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike.

Step-by-step how to install CloudBrute:

  • Clone the repository by running the following command in your terminal:

    git clone https://github.com/0xsha/CloudBrute

  • Change your directory to the “CloudBrute” folder:

    cd CloudBrute

  • Build the executable:

    go build -o CloudBrute main.go

This will compile the Go source code and create an executable named “CloudBrute”.

  • Once the build process is complete, you can open the manual for the “CloudBrute” tool with:

    ./CloudBrute -h

Scan result:

Azure:

AWS:

• Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.

Step-by-step how to install Scout Suite:

  • Clone the repository by running the following command in your terminal:

    git clone https://github.com/nccgroup/ScoutSuite

  • Change your directory to the “ScoutSuite” folder:

    cd ScoutSuite

  • Install the required dependencies:

    pip install -r requirements.txt

  • Once the installation is complete, you can open the manual for the “ScoutSuite” tool with:

    python scout.py --help

Scan result:

• CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure.

Step-by-step how to install CloudFox:

  • Clone the repository by running the following command in your terminal:

    git clone https://github.com/BishopFox/cloudfox

  • Change your directory to the “cloudfox” folder:

    cd cloudfox

  • Build the executable:

    go build .

This will compile the Go source code and create an executable file named “cloudfox”.

  • Once the build process is complete, you can open the manual for the “cloudfox” tool with:

    ./cloudfox -h

Scan result:

Azure:

AWS:

• Pacu is an open-source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of IAM users, attacking vulnerable Lambda functions, and much more.

Step-by-step how to install Pacu:

  • Clone the repository by running the following command in your terminal:

    git clone https://github.com/RhinoSecurityLabs/pacu

  • Change your directory to the “pacu” folder:

    cd pacu

  • Run the installation script with root privileges:

    sudo bash install.sh

  • Once the installation is complete, you can open the manual for the “Pacu” tool with:

    sudo python3 cli.py

Scan result:

• CloudGPT automatically redacts the customer account number by replacing it with a randomly generated account number before sending the policies to ChatGPT. Knowledge of a vulnerable policy without knowledge of the account that has the policy provisioned is useless to OpenAI. Additionally, the internal prompt has consistently returned responses starting with Yes or No, so the tool parses only this portion of the response to determine vulnerability. Those using the tool should manually review the responses in the output to determine the context of the response. It’s not perfect, but it’s absolutely helpful.

Step-by-step how to install CloudGPT:

  • Clone the repository by running the following command in your terminal:

    git clone https://github.com/ustayready/cloudgpt

  • Change your directory to the “cloudgpt” folder:

    cd cloudgpt

  • Install the required dependencies:

    pip install -r requirements.txt

  • Once the installation is complete, you can open the manual for the “cloudgpt” tool with:

    python scan.py -h

Scan result:

• Enumerate-IAM tool is a utility designed to help with the enumeration and analysis of AWS Identity and Access Management (IAM) permissions. It is available as an open-source project on GitHub and is maintained by Andres Riancho.

Step-by-step how to install Enumerate-IAM:

  • Clone the repository by running the following command in your terminal:

    git clone https://github.com/andresriancho/enumerate-iam

  • Change your directory to the “enumerate-iam” folder:

    cd enumerate-iam

  • Install the required dependencies:

    pip install -r requirements.txt

  • Once the installation is complete, you can open the manual for the “enumerate-iam” tool with:

    python3 enumerate-iam.py -h

Scan result:

• CloudMapper helps you analyze your Amazon Web Services (AWS) environments. The original purpose was to generate network diagrams and display them in your browser (functionality no longer maintained). It now contains much more functionality, including auditing for security issues.

Step-by-step how to install CloudMapper:

  • Clone the repository:

    git clone https://github.com/duo-labs/cloudmapper.git

  • Navigate to the cloned “cloudmapper” directory:

    cd cloudmapper/

  • Install the required Python packages from the “requirements.txt” file:

    pip install -r requirements.txt

  • Open the manual:

    python cloudmapper.py -h

Scan result:

• Principal Mapper (PMapper) is a script and library for identifying risks in the configuration of AWS Identity and Access Management (IAM) for an AWS account or an AWS organization. It models the different IAM Users and Roles in an account as a directed graph, which enables checks for privilege escalation and for alternate paths an attacker could take to gain access to a resource or action in AWS.

Step-by-step how to install PMapper:

  • Clone the repository:

    git clone https://github.com/nccgroup/PMapper

  • Navigate to the PMapper directory:

    cd PMapper

  • Install the required Python packages from the “requirements.txt” file:

    pip install -r requirements.txt

  • Open the manual for instructions on how to use PMapper:

    python pmapper.py -h

Scan result:

A case where Cloud Assessment helped a company remediate vulnerabilities in its cloud infrastructure

In a recent incident, sensitive data related to an Electronic Flight Bag (EFB) was exposed due to a misconfigured Amazon S3 storage bucket. This situation underscores the critical importance of thorough cloud assessments, not only for aviation companies but for businesses across various industries.

The compromised data included essential flight details, source code, and personnel information, potentially endangering flight operations and compromising the privacy of individuals. The EFB system, utilized by pilots for navigation, safety procedures, takeoff and landing, was left accessible due to inadequate security measures.

One of the significant implications of this exposure is the potential tampering with sensitive flight data and software source code. Unauthorized access to plain-text passwords and secret keys could lead to unauthorized modifications, potentially blocking vital information from reaching airline staff and jeopardizing passenger and crew safety.

While it’s unclear whether malicious actors exploited the breach, the incident highlights the potential risks involved in not properly securing cloud storage systems. Cloud assessment, a comprehensive evaluation of the security measures and configurations in cloud environments, is crucial to prevent such incidents.

This event serves as a reminder that cloud assessment is not limited to aviation companies but is relevant to every business relying on cloud services. It emphasizes the need to ensure proper configuration, access controls, and encryption measures are in place to protect sensitive data.

Beyond aviation, any organization using cloud storage for critical data must conduct regular assessments to identify vulnerabilities, misconfigurations, and potential points of entry for unauthorized individuals. Cloud assessment is a proactive approach to cybersecurity that helps safeguard data, maintain customer trust, and prevent financial losses due to data breaches.

In conclusion, the exposure of sensitive flight data through a misconfigured cloud storage bucket underscores the necessity of cloud assessment for all businesses. By conducting regular assessments, companies can proactively identify and rectify security weaknesses, ensuring the confidentiality, integrity, and availability of their data in the cloud.
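A minimal configuration check for the misconfiguration behind this case, added here as an example and not code from the article or from any of the tools above: it parses an S3 bucket policy for Allow statements with an anonymous Principal and weighs them against the bucket's Block Public Access settings. The policies, bucket name and account number are constructed samples; on a real account the same functions would take the output of boto3's get_bucket_policy and get_public_access_block.

```python
import json

# Constructed sample: a bucket policy granting anonymous read, the pattern
# behind the EFB data exposure described above (bucket and account are made up).
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-efb-data/*",
    }],
})

# Constructed sample: the same bucket restricted to a single IAM role.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/efb-reader"},
        "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-efb-data/*",
    }],
})

# Constructed samples of an S3 PublicAccessBlockConfiguration.
PAB_ALL_ON = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
PAB_ALL_OFF = {key: False for key in PAB_ALL_ON}


def _as_list(value):
    """IAM accepts a scalar or a list for Statement, Action and Principal."""
    return value if isinstance(value, list) else [value]


def _principal_is_anonymous(principal) -> bool:
    """'*' and {'AWS': '*'} both mean anyone on the internet."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def public_statements(policy_json: str) -> list:
    """Allow statements with an anonymous Principal. Statements with a Condition
    are kept but flagged: a source-IP condition narrows access, aws:SecureTransport
    does not, so those need a human look rather than an automatic pass."""
    policy = json.loads(policy_json)
    found = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and _principal_is_anonymous(stmt.get("Principal")):
            found.append({"sid": stmt.get("Sid"),
                          "actions": _as_list(stmt.get("Action", [])),
                          "conditional": bool(stmt.get("Condition"))})
    return found


def assess_bucket(policy_json: str, pab: dict) -> dict:
    """Combine the policy with Block Public Access: RestrictPublicBuckets
    neutralises an existing public policy; the other flags only stop new ones."""
    stmts = public_statements(policy_json)
    unconditional = [s for s in stmts if not s["conditional"]]
    block_ok = all(pab.get(k) is True for k in PAB_ALL_ON)
    exposed = bool(unconditional) and not pab.get("RestrictPublicBuckets")
    status = "FAIL" if exposed else ("WARN" if stmts or not block_ok else "PASS")
    return {"status": status, "public_statements": stmts, "block_public_access": block_ok}
```

A WARN means either a public statement exists but is neutralised by RestrictPublicBuckets, or the bucket is not public today but Block Public Access would not stop it from becoming so.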

Current Trends in Cloud Assessment

Holistic Security Evaluation

Contemporary Cloud Assessments transcend traditional vulnerability scans. Organizations are increasingly embracing holistic evaluations that encompass architecture, configuration, and operational practices. This approach provides a comprehensive understanding of potential risks, enhancing the overall security posture.

Hybrid and Multi-Cloud Complexity

The prevalence of hybrid and multi-cloud environments presents a new challenge. Cloud Assessments now extend beyond a single cloud provider, requiring organizations to navigate the intricate interplay of various platforms while maintaining consistent security standards.

Automation and AI Integration

Automation and artificial intelligence are revolutionizing Cloud Assessments. Automated scans, AI-driven anomaly detection, and predictive analytics streamline the assessment process, enabling faster identification and mitigation of vulnerabilities.

Regulatory Compliance Integration

Cloud Assessments are evolving to seamlessly integrate regulatory compliance evaluations. Organizations are aligning their assessments with industry standards and regulations, ensuring data privacy and meeting legal requirements.

The Future Landscape of Cloud Assessment

Zero Trust Architecture Integration

The evolution of Cloud Assessments will witness the integration of Zero Trust Architecture principles. This paradigm shift emphasizes continuous verification and strict access controls, ensuring that trust is never assumed, even within the cloud environment.

Quantum Computing Preparedness

As quantum computing advances, Cloud Assessments will adapt to evaluate the impact of this technology on cybersecurity. Assessments will focus on preparing organizations for the era of quantum-safe encryption and resilient cloud infrastructure.

Threat Intelligence Integration

Future Cloud Assessments will harness threat intelligence feeds to provide real-time insights into emerging cyber threats. This proactive approach will empower organizations to preemptively defend against novel attack vectors.

DevSecOps Synergy

Cloud Assessment methodologies will harmonize with DevSecOps practices, embedding security seamlessly into the software development lifecycle. This integration will enhance security from the inception of cloud applications and services.

Conclusion

Cloud Assessments are an integral part of securing cloud environments. This process enables organisations to proactively protect their data and resources and respond effectively to evolving cyber threats. The increasingly rapid evolution of cloud technologies highlights the need for careful security analysis and assessment to successfully operate in the digital age.
