Workshop that shows how to build your own ASM recon on external and cloud assets. Presented at HackGDL 2024 by @heryxpc
You can use any domain or AWS account you are authorized to perform reconnaissance on.
I used CloudGoat as it worked smoothly to spin up AWS resources with interesting characteristics (e.g. overly permissive AWS roles/policies), especially when setting the `whitelist.txt` to `0.0.0.0/0`.
⚠️ CloudGoat is a vulnerable-by-design project; spinning it up in a production environment puts the AWS account where it's hosted at risk ⚠️
Each demo can be executed independently and has its own requirements. You can check the details for each at:
- External Attack Surface Management
  - Querying domains with Shodan
  - Running EasyASM to discover new subdomains
  - Running sub.Monitor to discover new subdomains
- Cloud Security Posture/Cloud Attack Surface
  - Building Cloud Security Dashboards with CloudQuery and Grafana
  - Building Attack Surface Investigation dashboards with Cartography and NeoDash
- EasyASM by @g0ldencybersec
- sub.Monitor by @e1abrador
- Cartography by @lyft contributors
- CloudQuery by @cloudquery contributors
- CloudGoat by @RhinoSecurityLabs contributors
- DefCon 31 Recon Village - Easy EASM The Zero-Dollar Attack Surface Management Tool
- BSidesSF 2023 - Container vuln management with (hopefully) minimal burnout by @achantavy
- SANS webcast Offensive Security Operations with Continuous Attack Surface Management & Always-On Pen Testing by @ChrisADale
- AWS Asset Inventory dashboard with CQ and Grafana
- Official blog post: How to Build an Open Source CSPM with CloudQuery, PostgreSQL and Grafana
- CloudQuery Docker deployment
- CloudQuery AWS plugin tables
- CloudQuery performance tuning
- Neo4j in Docker
- Cartography AWS configuration
- Cartography Tutorial
- Cartography Testing with Docker
- Engineering at Lyft - cartography
Big kudos to @spangenberg and @achantavy for all the help given to prepare this demo 🙌