Ethical Hacking: Module 11: Cloud Computing Threats and Countermeasures


MITC Attack

An advanced version of MITM attacks.

kube-controller-manager

Control plane component that runs controller processes.

Network

An interconnected collection of endpoints. Endpoints that do not have a network connection cannot communicate over the network.

Etcd cluster

A distributed and consistent key-value store where Kubernetes cluster data, service discovery details, and API objects are stored.

Server

A persistent back-end process, also known as a daemon process (dockerd command).

dockerd

Processes the API requests and handles various Docker objects, such as containers, volumes, images, and networks.

Community Cloud Deployment Model

cloud service that is set up for a community that has shared concerns

Cloud Cryptojacking Countermeasures

1. Implement a strong password policy.
2. Always preserve three different copies of the data in different places and one copy off-site.
3. Patch the web servers and devices regularly.
4. Implement CoinBlocker URL and IP blacklist/blackholing in the firewall.
5. Implement browser extensions for scanning and terminating scripts similar to CoinHive's miner script.
6. Use endpoint security management technology to detect any rogue applications on the devices.
7. Review all third-party components used by the company's websites.

Given below are the steps to perform a cryptojacking attack.

2-4-1-3

Given below is the list of tiers present in the container technology architecture:
1. Orchestrators
2. Hosts
3. Developer machines
4. Registries
5. Testing and accreditation systems
Identify the correct order of the tiers.

3-5-4-1-2

Which of the following countermeasures helps security professionals to secure the cloud environment?

Apply a baseline security breach notification process

Jane, a third-party security auditor, received an email from one of her client organizations seeking advice on securing corporate data in the cloud environment. Jane suggested a cloud deployment model that provides full control over corporate data and can be managed within the organization. Which of the following cloud deployment models has Jane suggested to the organization?
A. public cloud
B. private cloud
C. community cloud
D. multi cloud

B. Private cloud

Identify the Docker object that enables users to extend the number of containers across daemons, with them serving together as a swarm with several managers and workers.
A. networking
B. services
C. images
D. containers

B. Services

James, a cloud security architect, was planning to automate the deployment, scaling, and management of containerized applications. He deployed a platform that groups different containers into several logical units for easy management and discovery. Identify the container management platform employed by James in the above scenario.
A. Fortify WebInspect
B. Kubernetes
C. Metasploit
D. Burp Suite

B. Kubernetes

Identify the Kubernetes feature that describes managing a cluster of nodes that run containerized applications and allocating and deallocating resources to the containers.
A. automated rollouts and rollbacks
B. automatic bin packing
C. service discovery
D. self-healing

B. automatic bin packing

Identify the NIST cloud deployment reference architecture entity that acts as an intermediary and provides connectivity and transport services between CSPs and cloud consumers.
A. cloud provider
B. cloud carrier
C. cloud auditor
D. cloud broker

B. cloud carrier

Mark, a professional hacker, has targeted a cloud service firm to gain critical data and access the intellectual property remotely. He initiates an attack on the MSPs and their customers by using spear-phishing emails with custom-made malware to compromise user accounts and obtain confidential information. Identify the type of attack performed by Mark in the above scenario.
A. cross-guest VM breaches
B. cloud hopper attack
C. cloudborne attack
D. side-channel attack

B. cloud hopper attack

Smith, a professional hacker, was assigned to perform an attack on AWS S3 buckets. He employed a tool to brute-force AWS S3 buckets with different permutations to breach the security mechanism and inject malware into the bucket files. Identify the tool employed by Smith in the above scenario.
A. WZCook
B. lazys3
C. Aircrack-ng
D. Burp Suite

B. lazys3

Sam, a programmer, has developed an application on his own and wants to host it in the cloud. He searches for the best cloud service providers to host his application at low-cost maintenance and make it available to users across the globe. Which of the following cloud deployment models helps Sam in the above scenario?
A. hybrid cloud
B. private cloud
C. public cloud
D. community cloud

C. Public cloud

Irin, a cloud security architect, is a disgruntled ex-employee of an organization who has access to cloud resources and knows about the organization's cloud network. Using this information, she deliberately accesses the critical documents and compromises the sensitive information available in the cloud. Identify the cloud threat demonstrated in the above scenario.
A. supply chain failure
B. cloud provider acquisition
C. malicious insiders
D. isolation failure

C. malicious insiders

Which of the following countermeasures helps administrators secure the cloud network from side channel attacks?

Check for repeated access attempts to local memory

Which of the following components in the Docker engine is the command line interface used to communicate with the daemon?

Client CLI

Which of the following entities in the NIST cloud deployment reference architecture is a party that performs an independent examination of cloud service controls to express an opinion and verify adherence to standards through a review of the objective evidence?

Cloud auditor

Which of the following actors in the NIST cloud deployment reference architecture is a person or organization that maintains a business relationship with the cloud service providers and utilizes the cloud computing services?

Cloud consumer

William, a professional hacker, has targeted a deprovisioned bare metal cloud server that is being sanitized for the next allocation. He exploited a vulnerability in Supermicro hardware that allowed him to overwrite the firmware. Then, William could directly access the hardware and bypass the security mechanisms whenever the server is deployed to different customers in the future. Which of the following attacks has William performed in the above scenario?

Cloudborne attack

Which of the following components in Docker architecture refers to locations where images are stored and pulled whenever required?

Docker Registries

Which of the following practices can make cloud infrastructure susceptible to man in the cloud attacks?

Ensure encryption keys are stored within the same cloud service

An organization, CyberSol.org, has decided to develop an application for microservices. As it is very difficult to build and maintain the necessary infrastructure for this operation, they purchased a cloud computing service that provides a platform for developing, running, and managing application functionalities.

Function-as-a-Service

Which of the following cloud services provides data processing services such as IoT services for connected devices, mobile and web applications, and batch and stream processing?

Function-as-a-Service

Which of the following cloud deployment models is a combination of two or more clouds that remain unique entities but are bound together, where an organization makes available and manages certain resources in-house and obtains other resources externally?

Hybrid cloud

IPAM Drivers

IP address management (IPAM) drivers assign default subnet and IP addresses to the endpoints and networks, if they are not assigned.

Which of the following cloud computing services enables subscribers to use on-demand fundamental IT resources, such as computing power, virtualization, data storage, and network?

IaaS

ICS Exploitation Framework (ISF)

An exploitation framework based on Python that is similar to the Metasploit framework. This tool provides various exploit modules that allow attackers to hack target ICS systems and networks.

cloud-controller-manager

It runs the controller that communicates with the cloud providers.

Identify the component of the Kubernetes cluster architecture representing a master component that scans newly generated pods and allocates a node for them.

Kube-scheduler

MITM Attack

A man-in-the-middle attack is when communication between two systems is intercepted. Eavesdropping is a form of MITM in which no packets are changed.

Identify the cloud deployment model representing a dynamic heterogeneous environment that combines workloads across multiple cloud vendors that are managed via one proprietary interface to achieve long term business goals.

Multi cloud

Nathan, a professional hacker, targeted the cloud infrastructure of an organization. He was trying to enumerate AWS services for the current IAM role. For this purpose, he deployed a tool to perform fingerprinting and extract current AWS credentials from metadata. Identify the tool employed by Nathan in the above scenario.

Nimbostratus

Identity as a Service (IDaaS)

Offers IAM services including SSO, MFA, IGA, and intelligence collection.

Platform as a Service (PaaS)

Offers development tools, configuration management, and deployment platforms on demand that can be used by subscribers to develop custom applications.

Function as a Service (FaaS)

Provides a platform for developing, running and managing application functionality for microservices.

Which of the following countermeasures helps security professionals secure the cloud network from cryptojacking attacks?

Review all third party components used by the company's websites

Which of the following components in the container network model encompasses the container network stack configuration to manage container interfaces, routing tables, and DNS settings?

Sandbox

Which of the following cloud computing models provides penetration testing, authentication, intrusion detection, and anti-malware services to corporate infrastructure in a cost-effective way?

Security-as-a-service (SECaaS)

Steps of cloud cryptojacking attacks

Step 1: An attacker compromises the cloud service by embedding a malicious crypto-mining script.
Step 2: When the victim connects to the compromised cloud service, the crypto-mining script gets executed automatically.
Step 3: The victim naively starts mining the cryptocurrency on behalf of the attacker and adds a new block to the blockchain.
Step 4: For each new block added to the blockchain, the attacker illicitly gets a reward in the form of cryptocurrency coins.

REST API

This API allows the communication and assignment of tasks to the daemon.

Firmalyzer

This tool enables device vendors and security professionals to perform automated security assessments on the software that powers IoT devices (firmware) in order to identify configuration and application vulnerabilities.

Container technology has a five tier architecture:

Tier 1: Developer machines - image creation, testing, and accreditation
Tier 2: Testing and accreditation systems - verification and validation of image contents, signing images, and sending them to the registries
Tier 3: Registries - storing images and disseminating images to the orchestrators based on requests
Tier 4: Orchestrators - transforming images into containers and deploying containers to hosts
Tier 5: Hosts - operating and managing containers as instructed by the orchestrator

Which of the following tiers in the container technology architecture transforms images into containers and deploys containers to hosts?

Tier 4: Orchestrators

Which of the following tiers in the container technology architecture operates and manages containers as instructed by the orchestrator?

Tier 5: Hosts

Cloud Hopper Attack

Triggered at the managed service providers (MSPs) and their users by initiating spear-phishing emails with custom-made malware to compromise the accounts of staff or cloud service firms to obtain confidential information.

MITC Attack Detection Tool

Tripwire: can be used to monitor changes to assets in the cloud environment and generate alerts.

Which of the following countermeasures helps security teams protect the cloud environment against online threats?

Verify one's own cloud in public domain blacklists

Which of the following cloud-based attacks involves an adversary interrupting the SOAP message in the TLS layer, duplicating the body of the message, and sending it to the server as a legitimate user that results in intrusion into the cloud and execution of malicious code?

Wrapping attack

Private cloud model

A model of cloud computing where the infrastructure is dedicated to a single user organization.

Public cloud model

A platform that uses the standard cloud computing model to make resources, such as virtual machines, applications or storage, available to users remotely. Public cloud services may be free or offered through a variety of subscription or on-demand pricing schemes, including a pay-per-usage model.

