How to Hack Like a GHOST: A detailed account of a breach to remember (Hacking the Planet Book 8) by FLOW Sparc
Author:FLOW, Sparc [FLOW, Sparc]
Language: eng
Format: epub
Published: 2020-02-21T16:00:00+00:00
NODE POD PODIP SERVICE ENV FILESECRET
ip-192 … api- … 10.0.2 … api-token dbCore … api-token- …
ip-192 … ssp-f … 10.10. … default dbCass… default- …
ip-192 … ssp-r … 10.0.3 … default <none> default- …
ip-192 … audit … 10.20.… default <none> default-…
ip-192 … nexus … 10.20. … default <none> deploy-secret …
What a great time to be a hacker! Remember when reconnaissance entailed scanning /16 network and waiting four hours to get a partially similar output? [127] Now it’s barely one command away.
I had to truncate the output because it takes up so much space [128] . The first two columns contain the names of the node and the pod, which help us deduce the nature of the application running inside. The third column is the pod’s IP, which gets us straight to the application, thanks to Kube’s flat network design [129] .
The fourth column lists the service account attached to each pod. Any value different than “default” means that the pod is likely running with additional privileges.
The last two columns list the secrets loaded by the pod, either via environment variables or through a file mounted on disk.
After careful analysis of the type of pods running, it becomes clear that MXR Ads runs all their applications involved in the ad delivery process on Kubernetes. This must allow them to scale their applications up and down according to traffic.
We also spot a couple of datastores, like Redis and Elasticsearch. Redis is a key-value memory database mostly used for caching purposes, whereas Elasticsearch is a document-based database geared toward text search queries. We gather from the pod’s description that Elasticsearch is used for storing audit logs of some (maybe all?) applications:
NODE ip-192-168-72-204.eu-west-1.compute.internal
POD audit - elastic -depl-3dbc-3qozx
PODIP 10.20.86.24
PORT 9200
SERVICE default
ENV <none>
FILESECRET default-token-2mpcg
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
| Cryptography | Encryption |
| Hacking | Network Security |
| Privacy & Online Safety | Security Certifications |
| Viruses |
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(6212)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(5912)
Machine Learning Security Principles by John Paul Mueller(5890)
Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri(5550)
Operationalizing Threat Intelligence by Kyle Wilhoit & Joseph Opacki(5532)
Solidity Programming Essentials by Ritesh Modi(3844)
Microsoft 365 Security, Compliance, and Identity Administration by Peter Rising(3490)
Mastering Python for Networking and Security by José Manuel Ortega(3323)
Future Crimes by Marc Goodman(3316)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3313)
Blockchain Basics by Daniel Drescher(3276)
Operationalizing Threat Intelligence by Joseph Opacki Kyle Wilhoit(3201)
Learn Computer Forensics - Second Edition by William Oettinger(2998)
Mobile App Reverse Engineering by Abhinav Mishra(2867)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2842)
The Code Book by Simon Singh(2777)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2764)
Incident Response with Threat Intelligence by Roberto Martínez(2689)
The Art Of Deception by Kevin Mitnick(2587)
