Gophers, whales and.. clouds? Oh my!

Presented at BSides Wellington (November 23-24th, 2017; Wellington, New Zealand)

Presented (alpha version) at CSides Canberra (November 17th, 2017; Canberra, Australia)

"Playing with shiny tech, and maybe improving my offensive capacity along the way."

https://github.com/0xdevalias/gopherblazer

Glenn 'devalias' Grant

November 23, 2017

Transcript

  1. @_devalias #gopherblazer Gophers, whales and.. clouds? Oh my! Playing with shiny tech, and maybe improving my offensive capacity along the way.
  2. Who am I?
     - Glenn ‘devalias’ Grant
     - http://devalias.net/
     - https://twitter.com/_devalias
     - https://github.com/0xdevalias
     - https://www.linkedin.com/in/glenn-devalias-grant/
     - Penetration Tester @ TSS
     - Polyglot Developer
     - And a few other things..
     - Biohacker, Bulletproof Coach, Snowboarder, Scuba, Skydiver..
  3. Docker
     - https://www.docker.com/
     - Containers: Lightweight ‘virtualisation’, shared kernel
     - Base OS image, data is layered, layers are shared
     - Alpine Linux base image < 5 MB!
     - DevOps: Build systems, clustering, consistent environments..
     - Me: Toolkit on every box with no more system clutter!
     - docker run --rm devalias/gobuster -h
  4. Serverless & FaaS
     - Still uses servers, they’re just #InTheCloud™ (and somebody else’s problem)
     - Cheap!
     - On demand
     - Automatic scaling
     - Function(s) as a Service (FaaS)
     - Serverless design pattern
     - Decompose, then decompose again
     - Modular, Reusable
     - Easier to comprehend and maintain
  5. Golang
     - https://golang.org/
     - Google, 2009
     - C-esque (without a lot of those mind-bending bits)
     - Compiled, cross platform, statically typed, memory safe, simple concurrency..
     - Not functional though D:
     - Growing fast, good library support, and no heavy-weight interpreter..
     - ..looking at you Scala.
     - Fun!
  6. Gobuster on Lambda
     - https://github.com/OJ/gobuster
     - “Directory/file & DNS busting tool written in Go” by OJ (@TheColonial)
     - Go + Lambda != <3
     - Native support coming at some stage..
     - Many projects to help in the meantime!
     - https://github.com/apex/apex
     - Easy to (compile), deploy and invoke lambda functions (including Go!)
  7. The Plan
     - DirBusting is too slow
     - I want to see all the things NOW!
     - Slice up the wordlist into X slices
     - Run each slice in parallel #InTheCloud™ with Lambda
     - ???
     - Profit!
     - HACK ALL THE THINGS!
  8. Today I Learned
     - Use 50 lambda slices with 100 gobuster threads each (~4.89sec/~20.4k words)
     - Though 20-100 slices really close
     - Lambda is really (really!) cheap ($1 == ~5.5 days compute time)
     - Total cost: $0.05
     - Invocations: 17,218
     - Duration: 6h 3m 32.265s
     - Collecting data and making charts takes a while..
     - Try it at home
     - https://github.com/0xdevalias/gopherblazer/tree/poc-apex
  9. Better, FaaSter, Stronger!
     - What other stuff could we do?
     - Nmap UDP scans
     - Port scanning entire subnets
     - Website crawling, screenshots, basic checks..
     - XSS/XXE/etc payload callbacks
     - Distributed fuzzing
     - So much potential for disruptive tooling!
     - Limitations of the Lambda environment might be annoying..
  10. AWS already did that..
      - Elastic Compute Cloud (EC2) + Auto Scaling
      - EC2 Container Service (ECS): EC2++ for containers
      - Batch: define a job, connect a queue, runs on ECS
      - <thing you need>
      - Launching ~2 weeks before you think you need it
  11. OpenFaaS
      - https://www.openfaas.com/ (@OpenFaaS, #OpenFaaS)
      - “Serverless Functions Made Simple”
      - Since December 2016
      - Cloud functions, your hardware, with the full power of Docker
      - Really easy to use
      - faas-cli build -f https://hakt.us/funcs.yml
      - faas-cli deploy -f https://hakt.us/funcs.yml
      - echo "Hack" | faas-cli invoke TheGibson > /root/.workspace/.garbage
  12. Image to OpenFaaS in 1..4
      - Turn an existing Docker image into an OpenFaaS function
      - It just takes 4 lines:
        - FROM foo/existing:image
        - ADD https://github.com/openfaas/faas/releases/download/0.6.11/fwatchdog /usr/bin
        - ENV fprocess="run-my-program"
        - CMD ["fwatchdog"]
  13. Offensive Docker
      - Familiar collections
      - https://hub.docker.com/r/kalilinux/kali-linux-docker/
      - Common tools
      - https://hub.docker.com/r/devalias/gobuster/
      - https://github.com/ellerbrock/docker-security-images (@frapsoft)
      - (nmap, scanssh, tcpdump, arpon, aircrack-ng, snort, nikto..)
      - https://hub.docker.com/u/ilyaglow/ (@ilyaglotov)
      - (beef, empire, sqlmap, masscan, metasploit, quark, timesketch..)
  14. Brutesubs
      - https://github.com/anshumanbh/brutesubs (@anshuman_bh)
      - “An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose”
      - Tools
      - gobuster (@TheColonial)
      - Recon-ng + enumall (@LaNMaSteR53, @Jhaddix)
      - Sublist3r / subbrute (@aboul3la, TheRook)
      - Altdns (@infosec_au)
  15. Kubebot
      - https://github.com/anshumanbh/kubebot (@anshuman_bh)
      - “A security testing Slackbot built with a Kubernetes backend on the Google Cloud Platform”
      - Features
      - Initiate scans from Slack, request queued
      - Tools scheduled, run on Kubernetes cluster
      - Results stored in Git
      - Differential results returned to Slack
      - /runtool nmap|-Pn -p 1-1000|google.com
  16. Choosing Wisely
      - Heaps of dockerised tooling out there, only a Google away
      - But how do you know which to use?
      - Things I look for:
      - Official: Is it the official image for the project?
      - Stars: Is it the most starred or pulled image for this project?
      - Source: Is the Dockerfile available?
      - Automated: Is it an automated build?
      - Updated: When was it last pushed?
      - Size: How big is it?
  17. Tiny Golang Containers
      - Golang static compilation
      - RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o gobuster
      - UPX: the Ultimate Packer for eXecutables
      - RUN upx --brute gobuster -ogobuster.upx
      - Docker multi build stage (since v17.05) + ‘FROM scratch’
      - Example Dockerfile (~1 MB container)
      - https://github.com/0xdevalias/docker-gobuster
  18. Golang CLI’s with Cobra
      - https://github.com/spf13/cobra
      - Program and library for creating easy, powerful command line (CLI) applications, in Go.
      - No more boilerplate-based new project delays..
      - go get -u github.com/spf13/cobra/cobra
      - cobra init github.com/myUsername/fooApp
      - cd $GOPATH/src/github.com/myUsername/fooApp
      - cobra add bar
      - go run main.go
      - https://github.com/0xdevalias/gopherblazer/tree/poc-cli/poc-cli
  19. GopherBlazer
      - Currently
      - Not that much..
      - Spent a lot of time playing with ideas, PoCs and rabbit holes
      - The Plan
      - Single ‘source of truth’ for my pentest tool stack, shareable
      - Replace shell script wrappers
      - Add ‘connectors’ to wrap Docker run commands, AWS lambda, OpenFaaS, etc
      - Where?
      - https://github.com/0xdevalias/gopherblazer (TBC..)
  20. Future Directions
      - Actually code GopherBlazer CLI tool..
      - More tools
      - More automation
      - Explore other ways to (ab)use Docker
      - Eg. SONM (Supercomputer Organized by Network Mining)
      - https://sonm.io/
  21. “Here's to the crazy ones. The misfits. The rebels. The troublemakers. The round pegs in the square holes. The ones who see things differently. Because the people who are crazy enough to think they can change the world, are the ones who do.” – Steve Jobs / Rob Siltanen Think Different
  22. Gophers, whales and.. clouds? Oh my! Playing with shiny tech, and maybe improving my offensive capacity along the way.
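
Slides 7 and 8 describe splitting one wordlist into slices that run in parallel. The Go code below is an added example, not from the talk or the gopherblazer repository, showing how that traffic looks in a web server log: a per-source 404 limit stays quiet while an all-sources limit fires. The log format, addresses and thresholds are constructed, and it assumes the slices arrive from different source addresses.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample (not from the talk): "<unix-sec> <source> <status> <path>".
// Three sources probe unknown paths in one second; 198.51.100.7 is a visitor.
const sampleLog = `1511400000 203.0.113.10 404 /admin
1511400000 203.0.113.11 404 /backup
1511400000 203.0.113.12 404 /config
1511400000 203.0.113.10 404 /db
1511400000 203.0.113.11 404 /dev
1511400000 198.51.100.7 200 /index.html
1511400001 198.51.100.7 404 /favicon.ico`

// Misses counts 404s per source address in buckets of size seconds,
// keyed by the bucket's start time.
func Misses(log string, size int64) map[int64]map[string]int {
	out := map[int64]map[string]int{}
	for _, line := range strings.Split(log, "\n") {
		var ts, status int64
		var src, path string
		n, _ := fmt.Sscanf(line, "%d %s %d %s", &ts, &src, &status, &path)
		if n != 4 || status != 404 {
			continue // malformed line, or not a miss
		}
		start := ts - ts%size
		if out[start] == nil {
			out[start] = map[string]int{}
		}
		out[start][src]++
	}
	return out
}

// Flag reports whether any one source reaches perSource misses (bySource)
// and whether all sources together reach total misses (byTotal).
func Flag(bucket map[string]int, perSource, total int) (bySource, byTotal bool) {
	sum := 0
	for _, n := range bucket {
		sum += n
		bySource = bySource || n >= perSource
	}
	return bySource, sum >= total
}

func main() {
	// Toy thresholds (assumed): 3 misses per source, 5 across all sources.
	fmt.Println(Flag(Misses(sampleLog, 1)[1511400000], 3, 5))
}
```

Real thresholds depend on the site's normal 404 rate, so measure a baseline before choosing them.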