There is a lot of info available about attacking AWS, Azure and GCP environments. But what about offensive research for IBM Cloud services? Riyaz Walikar, Chief Hacker and CTO, Kloudle presented this talk at fwd:cloudsec 2021 exploring different IBM cloud services from an attacker mindset.
The talk covered:
- Using OSINT to discover IBM Cloud resources exposed on the Internet
- Misconfigurations with Access (IAM) that allow privilege escalation
- Tokens, keys and SSO - what on the IBM Cloud CLI is useful
- A quick and dirty analysis of the IBM Cloud shell and a thing about kata containers
- Virtual Server for Classic and the
- A reverse shell within Functions/Serverless compute
- Cloud Object Storage and tooling to discover in the wild
The idea for the talk came when I was building CTF challenges for CloudVillage at DefCon this year. The idea was to create challenges in cloud platforms, other than the big 3, which would not only get the folks playing all riled up, but those who love to go the extra mile would figure out solutions reading the documentation and by poking around. It was then that I realised how little has been written about attacking IBM Cloud.
The talk is mostly me attempting to make sense of the documentation, poking around to see what the services do and see what parts could be attacked. The research is still ongoing and given that there is not a lot you can present in the 20 minutes during the conference, we have created a repository of things that everyone could add to.
An Attacker’s Approach to Pentesting IBM Cloud - Repo and Slides
The GitHub repo is at - https://github.com/Kloudle/pentesting-ibm-cloud
Here are all the slides from the fwd:cloudsec 2021 conference presented virtually on 14th September 2021
This post will be updated with a rundown of the slides and the video recording when it becomes available from the conference organisers.