Dear PenTest Readers,
In the current edition of PenTest Mag we come back to one of the most popular topics in the ethical hacking scope - cloud pentesting! This time our contributors provide you with a closer look into Azure security, but there is also some great content on Kubernetes, and interesting tools for you to use during your practical offensive security tasks.
We start with an interesting article on Azure policies in the context of monitoring the compliance of your infrastructure. This is a thorough, comprehensive write-up that includes practical aspects as well. Then, you’ll have an opportunity to grasp the Blue Teaming perspective of Azure. The author focuses on two tools - MDI and MDCA - showing their practical potential in depth. On the topic of Azure, you’ll also read a write-up demonstrating the very useful open source tool - Azucar. Also, in another article you will find two nice practical scenarios of Azure pentesting.
If Kubernetes is your thing, we have an article on PacketStreamer, an open source k8s security tool presented to you by its author! There is also an interesting interview with the author of the OWASP WrongSecrets project, which contains 15 challenges: from hardcoded secrets to Kubernetes and cloud misconfigurations.
Besides the main topic of this edition, you’ll also find articles, tutorials, and case studies on various offensive security tips, discoveries, and techniques, such as bypassing Google Manifest v3 to publish malicious extensions on Chrome Store, the role of honeypots in Endpoint security, and more!
Without further ado,
Enjoy the content!
PenTest Magazine’s Editorial Team.
Table of Contents
Cybersecurity Compliance on Cloud
by Almu Gómez Sánchez-Paulete
In a cloud-based architecture with Microsoft Azure, we have multiple tools that will help us in this process (Azure Role Based Access Control, Azure Group Administration, Azure Blueprints...). In this first article, we will talk about Azure Policies and how they can help us monitor the compliance of our infrastructure.
Azure Security with MDI and MDCA
by Leo Fehmi Aslan
Of course, we all know that ‘no system is secure’, but with the cloud, we are hoping that low-hanging fruit will be harder to reach for curious minds. In particular, the automated reconnaissance and privilege escalation that come with out-of-the-box solutions are quite easy to detect even with a standard cloud security deployment. I want to focus on two tools that I feel comfortable playing around with nowadays: MDI (Microsoft Defender for Identity) and MDCA (Microsoft Defender for Cloud Apps, formerly known as "MCAS"). Let me explain both tools in short before I show their potential in depth.
Wide-area Packet Capture with PacketStreamer [FULL ARTICLE AVAILABLE IN THE FREE PREVIEW VERSION]
by Owen Garrett, Deepfence
PacketStreamer is an open source project from Deepfence. It performs distributed packet capture (tcpdump-like) and aggregates the pcap data in a single pcap file. PacketStreamer supports a wide range of environments, including Kubernetes nodes, Docker hosts, Fargate instances and, of course, virtual and bare-metal servers.
Azucar: Your Tool To Go
by Andrea Cavallini
Azucar can quickly enumerate the Azure Active Directory domain johndoe and join users with their groups in order to print the role descriptions for all users. Another example is the patch status of virtual machines: an administrator can manage and update patches for virtual machines using the Azure Automation service, but cannot directly get this information using the Azure PowerShell cmdlets. Azucar solves this problem, and it is very easy to get information about missing patches or their status in the single update process.
Azure Penetration Testing
by Dinesh Sharma
Since I discussed some AWS-related misconfigurations in a previously published article, in this article I will be focusing on Azure misconfigurations. Like AWS, Azure is a widely used cloud service provider, by Microsoft. It is even used by Fortune 500 companies.
Cloud Access Security Broker (CASB): A Critical Component of Your Organisation's Security Arsenal
by Ram Vaidyanathan, ManageEngine Product Manager
A CASB has become an integral part of any organisation's defence strategy. It can help defend against the use of shadow applications and data exfiltration into the cloud. An effective CASB will integrate seamlessly with a SIEM solution, and will provide network visibility, data security, compliance management, and threat protection. CASBs can help improve the security posture of organisations.
“Kubernetes does allow you to run containers in any sort of way you require, but it comes with a cost”
An interview with Jeroen Willemsen
WrongSecrets is a project that revolves around secrets management. It contains 15 challenges, from hardcoded secrets to Kubernetes and cloud misconfigurations. It is up to the user to find the secrets and learn from the errors we have put into the project’s stack so they will not make the same mistake (again). WrongSecrets can be run as a standalone Docker container, on a Kubernetes cluster (we are currently focusing on 1.22 compatibility), on AWS, GCP, and Azure. It furthermore contains a testbed of additional secrets so you can test your favorite secrets detection tool for effectiveness. The reason we do this is that we (Ben de Haan and I) believe secrets management should get more attention.
How to Bypass Google Manifest v3 to Publish Malicious Extensions on Chrome Store
by Vincius Vieira
For many of us, browser extensions have become an important part of being online. Currently, 50% of the billion Google Chrome users are using extensions to customize their browsing experience. Most often free, extensions enable us to quickly get extra features directly from the browser. Several software companies have created browser extensions to deliver their own products, as they provide a seamless user experience. But then there is the other side of the coin: when extensions are used as an attack vector to exploit their end-users. In this article, we will present research that involves a bypass technique in the security measures recently implemented in Manifest v3 to continue using extensions as an attack vector.
Honeypots in Endpoint Security and How to Deploy a Honeynet
by Gilad David Maayan
In this article, you’ll learn what a honeynet is and how honeypots can help protect your organization’s endpoints. You’ll also learn how to deploy a honeynet with Modern Honey Network (MHN), an open-source tool.
Reconnaissance Phase for Your Pentests
The information gleaned from a well-conducted reconnaissance exercise helps determine just how the attack is launched. Keep in mind that gathering information is both passive and active. In addition, footprinting and reconnaissance use low-tech methods, such as Google hacking, along with tools and utilities, such as Maltego and Nmap.