Background

This can be used an easy way of simulating a cloud and container compromise - to trigger detections

It is inspired by Florian Roth's APTSimulator

This allows you to trigger detections without running real world malware. Still, do not run this on production systems as it can reduce their security.

How to Run

Copy the files to a Linux system and run:

• chmod +x ./setup.sh
• ./setup.sh

You can also clone the repository directly, for example you can run on Amazon Linux like this:

• sudo yum install git
• git clone https://github.com/cado-security/CloudAndContainerCompromiseSimulator.git
• cd CloudAndContainerCompromiseSimulator
• chmod +x ./setup.sh
• sudo ./setup.sh

Tools Deployed

• go-pillage-registries - nccgroup - MIT License
• amicontained - genuinetools - MIT License
• botb - brompwnie - GPLv3
• deepce - stealthcopyer - Apache License 2
• 4ARMED - dopwn - GPL Affero
• 4ARMED - kubeletmein - GPL Affero
• InGuardians - peirates - GPL Affero
• xmrig - xmrig - GPLv3