Slide 1

Slide 1 text

@_devalias #gopherblazer Gophers, whales and.. clouds? Oh my! Playing with shiny tech, and maybe improving my offensive capacity along the way.

Slide 2

Slide 2 text

Who am I?
- Glenn ‘devalias’ Grant
  - http://devalias.net/
  - https://twitter.com/_devalias
  - https://github.com/0xdevalias
  - https://www.linkedin.com/in/glenn-devalias-grant/
- Penetration Tester @ TSS
- Polyglot Developer
- And a few other things..
  - Biohacker, Bulletproof Coach, Snowboarder, Scuba, Skydiver..

Slide 3

Slide 3 text

Trends & Buzzwords (AKA a few things that caught my interest)

Slide 4

Slide 4 text

Docker
- https://www.docker.com/
- Containers: Lightweight ‘virtualisation’, shared kernel
- Base OS image, data is layered, layers are shared
- Alpine Linux base image < 5mb!
- DevOps: Build systems, clustering, consistent environments..
- Me: Toolkit on every box with no more system clutter!
    docker run --rm devalias/gobuster -h

Slide 5

Slide 5 text

Serverless & FaaS
- Still uses servers, they’re just #InTheCloud™ (and somebody else’s problem)
  - Cheap!
  - On demand
  - Automatic scaling
- Function(s) as a Service (FaaS)
- Serverless design pattern
  - Decompose, then decompose again
  - Modular, Reusable
  - Easier to comprehend and maintain

Slide 6

Slide 6 text

Maybe you’ve heard of it?

Slide 7

Slide 7 text

Golang
- https://golang.org/
- Google, 2009
- C-esque (without a lot of those mind-bending bits)
- Compiled, cross platform, statically typed, memory safe, simple concurrency..
- Not functional though D:
- Growing fast, good library support, and no heavy-weight interpreter..
  - ..looking at you Scala.
- Fun!

Slide 8

Slide 8 text

An Unexpected Journey
How this all started

Slide 9

Slide 9 text

Gobuster on Lambda
- https://github.com/OJ/gobuster
  - “Directory/file & DNS busting tool written in Go” by OJ (@TheColonial)
- Go + Lambda != <3
  - Native support coming at some stage..
  - Many projects to help in the meantime!
- https://github.com/apex/apex
  - Easy to (compile), deploy and invoke lambda functions (including Go!)

Slide 10

Slide 10 text

The Plan
- DirBusting is too slow
- I want to see all the things NOW!
- Slice up the wordlist into X slices
- Run each slice in parallel #InTheCloud™ with Lambda
- ???
- Profit!
- HACK ALL THE THINGS!

Slide 11

Slide 11 text

We’re gonna need a montage..

Slide 12

Slide 12 text

Pray to the demo gods..

Slide 13

Slide 13 text

Now I’m no data scientist..

Slide 14

Slide 14 text

Today I Learned
- Use 50 lambda slices with 100 gobuster threads each (~4.89sec/~20.4k words)
  - Though 20-100 slices really close
- Lambda is really (really!) cheap ($1 == ~5.5 days compute time)
  - Total cost: $0.05
  - Invocations: 17,218
  - Duration: 6h 3m 32.265s
- Collecting data and making charts takes a while..
- Try it at home
  - https://github.com/0xdevalias/gopherblazer/tree/poc-apex
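
Seen from the target's side, a wordlist sliced across 50 invocations means each source sends only a small share of the requests, so a per-source 404 threshold can stay quiet while the site as a whole is being enumerated. The following is an added example, not code from the talk or from gopherblazer, that flags a burst by counting distinct 404 paths per time bucket across all sources; the log format, the sample traffic, and the assumption that slices arrive from many source addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Window aggregates the 404s of one time bucket across every source address.
type Window struct {
	Start int64           // bucket start, Unix seconds
	Paths map[string]bool // distinct paths that returned 404
	PerIP map[string]int  // 404 count per source IP
}

// Flag404Bursts reads constructed "unixTime srcIP status path" lines (time-ordered,
// winSecs > 0) and returns each bucket that reaches minPaths distinct 404 paths.
func Flag404Bursts(log string, winSecs int64, minPaths int) []*Window {
	var all, out []*Window
	for _, line := range strings.Split(log, "\n") {
		var ts, status int64
		var ip, path string
		if n, _ := fmt.Sscanf(line, "%d %s %d %s", &ts, &ip, &status, &path); n != 4 || status != 404 {
			continue // malformed line or not a 404
		}
		b := ts - ts%winSecs
		if n := len(all); n == 0 || all[n-1].Start != b {
			all = append(all, &Window{Start: b, Paths: map[string]bool{}, PerIP: map[string]int{}})
		}
		w := all[len(all)-1]
		if !w.Paths[path] && len(w.Paths) == minPaths-1 {
			out = append(out, w) // this new path takes the bucket over the threshold
		}
		w.Paths[path] = true
		w.PerIP[ip]++
	}
	return out
}

// SampleLog is constructed: 50 documentation-range sources, 4 missing paths each, then one stray 404.
func SampleLog() (log string) {
	for i := 0; i < 200; i++ {
		log += fmt.Sprintf("%d 203.0.113.%d 404 /word-%d\n", 1700000000+i/50, 1+i%50, i)
	}
	return log + "1700000300 198.51.100.7 404 /favicon.ico\n"
}

func main() {
	w := Flag404Bursts(SampleLog(), 10, 100)[0]
	fmt.Printf("bucket %d: %d distinct 404 paths from %d sources\n", w.Start, len(w.Paths), len(w.PerIP))
}
```

In the sample no single source exceeds 4 misses in the bucket, yet the aggregate count is 200, which is the signal a per-IP rate limit would not see.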

Slide 15

Slide 15 text

Better, FaaSter, Stronger!
- What other stuff could we do?
  - Nmap UDP scans
  - Port scanning entire subnets
  - Website crawling, screenshots, basic checks..
  - XSS/XXE/etc payload callbacks
  - Distributed fuzzing
- So much potential for disruptive tooling!
- Limitations of the Lambda environment might be annoying..

Slide 16

Slide 16 text

AWS already did that..
- Elastic Compute Cloud (EC2) + Auto Scaling
- EC2 Container Service (ECS): EC2++ for containers
- Batch: define a job, connect a queue, runs on ECS
- Launching ~2 weeks before you think you need it

Slide 17

Slide 17 text

OpenFaaS
- https://www.openfaas.com/ (@OpenFaaS, #OpenFaaS)
- “Serverless Functions Made Simple”
- Since December 2016
- Cloud functions, your hardware, with the full power of Docker
- Really easy to use
    faas-cli build -f https://hakt.us/funcs.yml
    faas-cli deploy -f https://hakt.us/funcs.yml
    echo "Hack" | faas-cli invoke TheGibson > /root/.workspace/.garbage

Slide 18

Slide 18 text

Image to OpenFaaS in 1..4
- Turn an existing Docker image into an OpenFaaS function
- It just takes 4 lines:
    FROM foo/existing:image
    ADD https://github.com/openfaas/faas/releases/download/0.6.11/fwatchdog /usr/bin
    ENV fprocess="run-my-program"
    CMD ["fwatchdog"]

Slide 19

Slide 19 text

Offensive Docker
- Familiar collections
  - https://hub.docker.com/r/kalilinux/kali-linux-docker/
- Common tools
  - https://hub.docker.com/r/devalias/gobuster/
  - https://github.com/ellerbrock/docker-security-images (@frapsoft)
    - (nmap, scanssh, tcpdump, arpon, aircrack-ng, snort, nikto..)
  - https://hub.docker.com/u/ilyaglow/ (@ilyaglotov)
    - (beef, empire, sqlmap, masscan, metasploit, quark, timesketch..)

Slide 20

Slide 20 text

Brutesubs
- https://github.com/anshumanbh/brutesubs (@anshuman_bh)
- “An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose”
- Tools
  - gobuster (@TheColonial)
  - Recon-ng + enumall (@LaNMaSteR53, @Jhaddix)
  - Sublist3r / subbrute (@aboul3la, TheRook)
  - Altdns (@infosec_au)

Slide 21

Slide 21 text

Kubebot
- https://github.com/anshumanbh/kubebot (@anshuman_bh)
- “A security testing Slackbot built with a Kubernetes backend on the Google Cloud Platform”
- Features
  - Initiate scans from Slack, request queued
  - Tools scheduled, run on Kubernetes cluster
  - Results stored in Git
  - Differential results returned to Slack
    /runtool nmap|-Pn -p 1-1000|google.com

Slide 22

Slide 22 text

Choosing Wisely
- Heaps of dockerised tooling out there, only a Google away
- But how do you know which to use?
- Things I look for:
  - Official: Is it the official image for the project?
  - Stars: Is it the most starred or pulled image for this project?
  - Source: Is the Dockerfile available?
  - Automated: Is it an automated build?
  - Updated: When was it last pushed?
  - Size: How big is it?

Slide 23

Slide 23 text

Tiny Golang Containers
- Golang static compilation
    RUN CGO_ENABLED=0 GOOS=linux \
        go build -ldflags="-s -w" -o gobuster
- UPX: the Ultimate Packer for eXecutables
    RUN upx --brute gobuster -ogobuster.upx
- Docker multi build stage (since v17.05) + ‘FROM scratch’
- Example Dockerfile (~1mb container)
  - https://github.com/0xdevalias/docker-gobuster

Slide 24

Slide 24 text

Golang CLIs with Cobra
- https://github.com/spf13/cobra
- Program and library for creating easy, powerful command line (CLI) applications, in Go.
- No more boilerplate-based new project delays..
    go get -u github.com/spf13/cobra/cobra
    cobra init github.com/myUsername/fooApp
    cd $GOPATH/src/github.com/myUsername/fooApp
    cobra add bar
    go run main.go
- https://github.com/0xdevalias/gopherblazer/tree/poc-cli/poc-cli

Slide 25

Slide 25 text

My own pretty CLI, just like Docker!

Slide 26

Slide 26 text

GopherBlazer
- Currently
  - Not that much..
  - Spent a lot of time playing with ideas, PoCs and rabbit holes
- The Plan
  - Single ‘source of truth’ for my pentest tool stack, shareable
  - Replace shell script wrappers
  - Add ‘connectors’ to wrap Docker run commands, AWS lambda, OpenFaaS, etc
- Where?
  - https://github.com/0xdevalias/gopherblazer (TBC..)

Slide 27

Slide 27 text

Future Directions
- Actually code GopherBlazer CLI tool..
- More tools
- More automation
- Explore other ways to (ab)use Docker
  - Eg. SONM (Supercomputer Organized by Network Mining)
  - https://sonm.io/

Slide 28

Slide 28 text

Takeaways
- Be Curious
- Play
- Disrupt
- Share

Slide 29

Slide 29 text

“Here's to the crazy ones. The misfits. The rebels. The troublemakers. The round pegs in the square holes. The ones who see things differently. Because the people who are crazy enough to think they can change the world, are the ones who do.”
– Steve Jobs / Rob Siltanen

Think Different

Slide 30

Slide 30 text

Questions? ???
