LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code.
LambdaGuard is an AWS Lambda auditing tool designed to create asset visibility and provide actionable results. It provides a meaningful overview in terms of statistical analysis, AWS service dependencies and configuration checks from the security perspective.
There are various common pitfalls in a serverless environment which LambdaGuard the lambda serverless security scanner can scan for and find such as:
- Poorly defined policies (Unrestricted Actions, Unrestricted Principal, Undefined Conditions)
- Public S3 buckets
- Public SQS queues
- Public API Gateway
It can also optionally run static code analysis on function source code (using SonarQube).
It outputs reports in JSON and/or HTML.
How to Install LambdaGuard AWS Lambda Serverless Security Scanner
From PyPI
|
1 |
>pip3 install lambdaguard |
From Github
|
1 2 3 |
git clone https://github.com/Skyscanner/lambdaguard cd lambdaguard sudo make install |
You can download LambdaGuard here:
Or read more here.
Topic: Security Software
exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
This will convert any binary file (*.exe) to a BAT file, the resulting BAT file contains only echo commands followed by a PowerShell command to re-create the original binary file.
This kind of tool can be useful during a pen-test when you want to trigger a shell without any upload feature. With echo and PowerShell the auditor is able to upload any binary file to the target system.
This version is modernized from exe2bat to work with current Windows versions as exe2bat had some limitations:
- Needs
debug.exeavailable on the target computer (16-bit application which was removed in Windows 7 x64 but available in Windows 7 x86) - Limits input exe size to 64kB
exe2powershell replaces the need of debug.exe by using a PowerShell command line which is available on all Windows since Windows 7 / 2008 and there is no more limitation in input exe size.
Usage of exe2powershell to Convert EXE to BAT Files
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
C:\exe2powershell\bin>exe2powershell.exe ______ ___ _____ _____ _ _ _ | ____| |__ \| __ \ / ____| | | | | | |__ __ _____ ) | |__) |____ _____ _ _| (___ | |__ ___| | | | __| \ \/ / _ \ / /| ___/ _ \ \ /\ / / _ \ '__\___ \| '_ \ / _ \ | | | |____ > < __// /_| | | (_) \ V V / __/ | ____) | | | | __/ | | |______/_/\_\___|____|_| \___/ \_/\_/ \___|_| |_____/|_| |_|\___|_|_| [ exe2bat reborn in exe2powershell for modern Windows ] [ initial author ninar1, based on riftor work, and modernized by ycam ] [ exe2powershell version 1.0 - keep up2date: asafety.fr / synetis.com ] [*] Usage : exe2powershell.exe inputfile outputfile [*] e.g. : exe2powershell.exe nc.exe nc.bat |
You can download exe2powershell here:
Or read more here.
Topic: Windows Hacking
HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers. It supports custom rules with netfilter (block ports, hidden mode, rootkit functions etc).
The motivation is basically another layer of protection, much like a hidden firewall – setting securelevel to 2 on BSD would have a similar effect.
In a typical attack, the bad actor can alter your IPTables or UFW rules – with HiddenWall you still have another layer that can block external access because it hooks directly into netfilter from kernel land.
The author created it to protect his own servers but realised it also helps people who can’t write low-level code roll their own customized, hidden kernel modules.
If you can write low-level code, you can always add more module templates to HiddenWall.
Installing HiddenWall to Create Hidden Kernel Modules
Verify if the kernel version is 3.x, 4.x or 5.x:
|
1 |
uname -r |
Clone the repository
|
1 |
git clone https://github.com/CoolerVoid/HiddenWall |
Enter the folder
|
1 |
cd HiddenWall/module_generator |
Edit your firewall rules in directory rules/server.yaml, the python scripts use that file to generate a new firewall module.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
$ cat rules/server.yaml module_name: SandWall public_ports: 80,443,53 unhide_key: AbraKadabra hide_key: Shazam fake_device_name: usb14 liberate_in_2_out: True whitelist: - machine: ip: 192.168.100.181 open_ports: 22,21 - machine: ip: 192.168.100.22 open_ports: 22 |
If you want to study the static code to generate, look the content at directory “templates”.
Then you would want to generate a kernel module following your YAML file of rules:
|
1 |
$ python3 WallGen.py --template template/hiddenwall.c -r rules/server.yaml |
Then install it with insmod.
You can download HiddenWall here:
Or read more here.
Topic: Security Software
Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of nominated strings, filenames, binaries, deprecated functions, staging environment code/credentials etc.
It’s main function is to block content based on regular expressions.
Anything that can be specified with regular expression syntax, can be sniffed out by Anteater. You tell Anteater exactly what you don’t want to get merged, and anteater looks after the rest.
How Anteater CI/CD Security Gate Check Framework Works
If Anteater finds something, it exits with a non-zero code which in turn fails the build of your CI tool, with the idea that it would prevent a pull request merging. Any false positives are easily negated by using the same RegExp framework to cancel out the false match.
Entire projects may also be scanned also, using a recursive directory walk. With a few simple steps, it can be easily implemented into a CI/CD workflow with tooling such as Travis CI, CircleCI, Gitlab CI/CD and Jenkins.
Anteater also provides integrates with the Virus Total API, so any binaries, public IP addresses or URL’s found by Anteater, will be sent to the Virus Total API and a report will be returned. If any object is reported as malicious, it will fail the CI build job.
You can also set it to block all binaries or tamper with existing binaries (this includes PDFs, Images etc.) and you can whitelist desired binaries using a SHA256 checksum.
Using Anteater CI/CD Security Gate Checks
There is some excellent documentation for Anteater here:
Docs » Anteater – CI/CD Gate Check Framework
This includes how to get it working with CircleCI which is my personal choice for CI tooling.
In order to use the VirusTotal API, you will first require an API key. These are free to get and can be obtained by signing up to the service here.
Once you have your key, it needs to be set as an environment variable.
You can download Anteater here:
Or read more here.
Topic: Countermeasures
Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view. It can be used for collecting information about your or someone else’s repository stargazers details. GitHub allows visitors to star a repo to bookmark it for later perusal. Stars represent a casual interest […]
Topic: Hacking Tools
ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol. ZigBee continues to grow in popularity as a method for providing simple wireless communication between devices (i.e. low power/traffic, short distance), & can be found in a variety of consumer products that range from […]
Topic: Hardware Hacking