Gophers, whales and.. clouds? Oh my!

@_devalias #gopherblazer
Gophers, whales and..
clouds? Oh my!
Playing with shiny tech, and maybe improving my offensive capacity
along the way.

Who am I?
u Glenn ‘devalias’ Grant
u http://devalias.net/
u https://twitter.com/_devalias
u https://github.com/0xdevalias
u https://www.linkedin.com/in/glenn-devalias-grant/
u Penetration Tester @ TSS
u Polyglot Developer
u And a few other things..
u Biohacker, Bulletproof Coach, Snowboarder, Scuba, Skydiver..

Trends & Buzzwords
(AKA a few things that caught my interest)

Docker
u https://www.docker.com/
u Containers: Lightweight ‘virtualisation’, shared kernel
u Base OS image, data is layered, layers are shared
u Alpine Linux base image < 5mb!
u DevOps: Build systems, clustering, consistent enviroments..
u Me: Toolkit on every box with no more system clutter!
u docker run --rm devalias/gobuster –h

Serverless & FaaS
u Still uses servers, they’re just #InTheCloud™ (and somebody else’s
problem)
u Cheap!
u On demand
u Automatic scaling
u Function(s) as a Service (FaaS)
u Serverless design pattern
u Decompose, then decompose again
u Modular, Reusable
u Easier to comprehend and maintain

Maybe you’ve head of it?

Golang
u https://golang.org/
u Google, 2009
u C-esque (without a lot of those mind-bending bits)
u Compiled, cross platform, statically typed, memory safe, simple
concurrency..
u Not functional though D:
u Growing fast, good library support, and no heavy-weight interpreter..
u ..looking at you Scala.
u Fun!

An Unexpected Journey
How this all started

Gobuster
u https://github.com/OJ/gobuster
u “Directory/file & DNS busting tool written in Go” by OJ (@TheColonial)
u Go + Lambda != <3
u Native support coming at some stage..
u Many projects to help in the meantime!
on Lambda
u https://github.com/apex/apex
u Easy to (compile), deploy and invoke lambda functions (including Go!)

The Plan
u DirBusting is too slow
u I want to see all the things NOW!
u Slice up the wordlist into X slices
u Run each slice in parallel #InTheCloudTM with Lambda
u ???
u Profit!
u HACK ALL THE THINGS!

We’re gonna need a montage..

Pray to the demo gods..

Now I’m no data scientist..

Today I Learned
u Use 50 lambda slices with 100 gobuster threads each (~4.89sec/~20.4k
words)
u Though 20-100 slices really close
u Lambda is really (really!) cheap ($1 == ~5.5 days compute time)
u Total cost: $0.05
u Invocations: 17,218
u Duration: 6h 3m 32.265s
u Collecting data and making charts takes a while..
u Try it at home
u https://github.com/0xdevalias/gopherblazer/tree/poc-apex

Better, FaaSter, Stronger!
u What other stuff could we do?
u Nmap UDP scans
u Port scanning entire subnets
u Website crawling, screenshots, basic checks..
u XSS/XXE/etc payload callbacks
u Distributed fuzzing
u So much potential for disruptive tooling!
u Limitations of the Lambda environment might be annoying..

AWS already did that..
u Elastic Compute Cloud (EC2) + Auto Scaling
u EC2 Container Service (ECS): EC2++ for containers
u Batch: define a job, connect a queue, runs on ECS
u <thing you need>
u Launching ~2 weeks before you think you need it

OpenFaaS
u https://www.openfaas.com/ (@OpenFaaS, #OpenFaaS)
u “Serverless Functions Made Simple”
u Since December 2016
u Cloud functions, your hardware, with the full power of Docker
u Really easy to use
u faas-cli build –f https://hakt.us/funcs.yml
u faas-cli deploy –f https://hakt.us/funcs.yml
u echo “Hack” | faas-cli invoke TheGibson >
/root/.workspace/.garbage

Image to OpenFaaS in 1..4
u Turn an existing Docker image into an OpenFaaS function
u It just takes 4 lines:
u FROM foo/existing:image
u ADD
https://github.com/openfaas/faas/releases/download/0.6.11/fwatchdog
/usr/bin
u ENV fprocess=”run-my-program”
u CMD ["fwatchdog"]

Offensive Docker
u Familiar collections
u https://hub.docker.com/r/kalilinux/kali-linux-docker/
u Common tools
u https://hub.docker.com/r/devalias/gobuster/
u https://github.com/ellerbrock/docker-security-images (@frapsoft)
u (nmap, scanssh, tcpdump, arpon, aircrack-ng, snort, nikto..)
u https://hub.docker.com/u/ilyaglow/(@ilyaglotov)
u (beef, empire, sqlmap, masscan, metasploit, quark, timesketch..)

Brutesubs
u https://github.com/anshumanbh/brutesubs (@anshuman_bh)
u "An automation framework for running multiple open sourced subdomain
bruteforcing tools (in parallel) using your own wordlists via Docker
Compose”
u Tools
u gobuster (@TheColonial)
u Recon-ng + enumall (@LaNMaSteR53, @Jhaddix)
u Sublist3r / subbrute (@aboul3la, TheRook)
u Altdns (@infosec_au)

Kubebot
u https://github.com/anshumanbh/kubebot (@anshuman_bh)
u “A security testing Slackbot built with a Kubernetes backend on the
Google Cloud Platform”
u Features
u Initiate scans from Slack, request queued
u Tools scheduled, run on Kubernetes cluster
u Results stored in Git
u Differential results returned to Slack
u /runtool nmap|-Pn -p 1-1000|google.com

Choosing Wisely
u Heaps of dockerised tooling out there, only a Google away
u But how do you know which to use?
u Things I look for:
u Official: Is it the official image for the project?
u Stars: Is it the most starred or pulled image for this project?
u Source: Is the Dockerfile available?
u Automated: It is an automated build?
u Updated: When was it last pushed?
u Size: How big is it?

Tiny Golang Containers
u Golang static compilation
u RUN CGO_ENABLED=0 GOOS=linux
u go build -ldflags="-s -w" -o gobuster
u UPX: the Ultimate Packer for eXecutables
u RUN upx --brute gobuster -ogobuster.upx
u Docker multi build stage (since v17.05) + ‘FROM scratch’
u Example Dockerfile (~1mb container)
u https://github.com/0xdevalias/docker-gobuster

Golang CLI’s with Cobra
u https://github.com/spf13/cobra
u Program and library for creating easy, powerful command line (CLI)
applications, in Go.
u No more boilerplate-based new project delays..
u go get -u github.com/spf13/cobra/cobra
u cobra init github.com/myUsername/fooApp
u cd $GOPATH/src/github.com/myUsername/fooApp
u cobra add bar
u go run main.go
u https://github.com/0xdevalias/gopherblazer/tree/poc-cli/poc-cli

My own pretty CLI, just like Docker!

u Currently
u Not that much..
u Spent a lot of time playing with ideas, PoCs and rabbit holes
GopherBlazer
u The Plan
u Single ‘source of truth’ for my pentest tool stack, shareable
u Replace shell script wrappers
u Add ‘connectors’ to wrap Docker run commands, AWS lambda, OpenFaaS,
etc
u Where?
u https://github.com/0xdevalias/gopherblazer (TBC..)

Future Directions
u Actually code GopherBlazer CLI tool..
u More tools
u More automation
u Explore other ways to (ab)use Docker
u Eg. SONM (Supercomputer Organized by Network Mining)
u https://sonm.io/

Takeaways
uBe Curious
uPlay
uDisrupt
uShare

“Here's to the crazy ones. The misfits. The
rebels. The troublemakers. The round pegs
in the square holes. The ones who see
things differently.
Because the people who are crazy enough to
think they can change the world, are the
ones who do.”
– Steve Jobs / Rob Siltanen
Think Different

Questions?
???

Gophers, whales and.. clouds? Oh my!

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Gophers, whales and.. clouds? Oh my!

Semelhante a Gophers, whales and.. clouds? Oh my! (20)

Último

Último (20)

Gophers, whales and.. clouds? Oh my!