Christophe Tafani-Dereeper issues

Results 121 issues of


                                            Christophe Tafani-Dereeper

Add references to docs

Add references to S3 ransomware in the wild to existing S3 attack techniques

https://www.invictus-ir.com/news/ransomware-in-the-cloud https://dfir.ch/posts/aws_ransomware/ and determine if coverage from current techniques is enough or if we need new ones

kind/documentation

kind/enhancement

good first issue

platform/aws

New attack technique: VMAccess Extension to add SSH keys to VMs

VMAccess Extension https://unit42.paloaltonetworks.com/cloud-lateral-movement-techniques/#post-132775-_p1el9vu0ltrs Similar to EC2 Instance Connect

kind/new-technique

platform/azure

New attack technique: Snapshot existing volume and attach to compromised EC2 instance

Technique 1 from https://unit42.paloaltonetworks.com/cloud-lateral-movement-techniques/#post-132775-_p1el9vu0ltrs

kind/new-technique

platform/aws

Azure AD: Backdoor tenant through new application

https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/

kind/new-technique

Backdoor AWS account using "guest" role in Cognito Identity Pool

kind/new-technique

platform/aws

New EKS attack technique: backdooring the aws-auth configmap

required #374

kind/new-technique

platform/eks

Azure execution through serial console

> UNC3944 has also found use of some of the more niche features and applications within Azure to move laterally and conduct data theft. On multiple occasions UNC3944 has [moved...

kind/new-technique

platform/azure

priority/seen-in-the-wild

Azure storage account ransomware

https://twitter.com/sophosxops/status/1702051374287007923?s=46&t=qDVaCDKbvXeCu776fKzfgw

kind/new-technique

platform/azure

priority/seen-in-the-wild

Investigate the possibility of an Azure AD platform

https://www.mandiant.com/sites/default/files/2021-11/wp-m-unc2452-000343.pdf

kind/new-platform