How to Hack Like a GHOST: A detailed account of a breach to remember (Hacking the Planet Book 8) by FLOW Sparc
Author:FLOW, Sparc [FLOW, Sparc]
Language: eng
Format: epub
Published: 2020-02-21T16:00:00+00:00
NODE POD PODIP SERVICE ENV FILESECRET
ip-192 … api- … 10.0.2 … api-token dbCore … api-token- …
ip-192 … ssp-f … 10.10. … default dbCass… default- …
ip-192 … ssp-r … 10.0.3 … default <none> default- …
ip-192 … audit … 10.20.… default <none> default-…
ip-192 … nexus … 10.20. … default <none> deploy-secret …
What a great time to be a hacker! Remember when reconnaissance entailed scanning /16 network and waiting four hours to get a partially similar output? [127] Now it’s barely one command away.
I had to truncate the output because it takes up so much space [128] . The first two columns contain the names of the node and the pod, which help us deduce the nature of the application running inside. The third column is the pod’s IP, which gets us straight to the application, thanks to Kube’s flat network design [129] .
The fourth column lists the service account attached to each pod. Any value different than “default” means that the pod is likely running with additional privileges.
The last two columns list the secrets loaded by the pod, either via environment variables or through a file mounted on disk.
After careful analysis of the type of pods running, it becomes clear that MXR Ads runs all their applications involved in the ad delivery process on Kubernetes. This must allow them to scale their applications up and down according to traffic.
We also spot a couple of datastores, like Redis and Elasticsearch. Redis is a key-value memory database mostly used for caching purposes, whereas Elasticsearch is a document-based database geared toward text search queries. We gather from the pod’s description that Elasticsearch is used for storing audit logs of some (maybe all?) applications:
NODE ip-192-168-72-204.eu-west-1.compute.internal
POD audit - elastic -depl-3dbc-3qozx
PODIP 10.20.86.24
PORT 9200
SERVICE default
ENV <none>
FILESECRET default-token-2mpcg
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Cryptography | Encryption |
Hacking | Network Security |
Privacy & Online Safety | Security Certifications |
Viruses |
Future Crimes by Marc Goodman(3016)
Mastering Python for Networking and Security by José Manuel Ortega(2991)
Blockchain Basics by Daniel Drescher(2915)
Practical Threat Detection Engineering by Megan Roddie & Jason Deyalsingh & Gary J. Katz(2752)
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(2583)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2532)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2501)
Machine Learning Security Principles by John Paul Mueller(2324)
The Art Of Deception by Kevin Mitnick(2319)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(2310)
The Code Book by Simon Singh(2238)
Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri(1990)
Operationalizing Threat Intelligence by Kyle Wilhoit & Joseph Opacki(1986)
Solidity Programming Essentials by Ritesh Modi(1968)
Hands-On AWS Penetration Testing with Kali Linux by Benjamin Caudill & Karl Gilbert(1898)
Wireless Hacking 101 by Karina Astudillo(1866)
DarkMarket by Misha Glenny(1859)
Applied Network Security by Arthur Salmon & Michael McLafferty & Warun Levesque(1848)
Mobile Forensics Cookbook by Igor Mikhaylov(1822)