CloudCopy
This tool implements a cloud version of the Shadow Copy attack against domain controllers running in AWS. Any AWS user possessing the EC2:CreateSnapshot permission can steal the hashes of all domain users by creating a snapshot of the Domain Controller mounting it to an instance they control and exporting the NTDS.dit and SYSTEM registry hive file for use with Impacket's secretsdump project. Demos CloudCopy in Profile mode running against an AWS Domain Controller with an unencrypted Volume. CloudCopy in Manual mode running against an AWS Domain Controller with an encrypted Volume. Detailed CloudCopy Algorithm: Load AWS CLI with Victim Credentials that have at least CreateSnapshot permissions. Run 'Describe-Instances' and show in list for attacker to select. Run 'Create-Snapshot' on volume of selected instance. Run 'modify-snapshot-attribute' on new snapshot to set 'createVolumePermission' to attacker AWS Account. Load AWS CLI with Attacker Credentials. Run 'run-instance' command to create new Linux EC2 with our stolen snapshot. SSH run 'sudo mkdir /windows'. SSH run 'sudo mount /dev/xvdf1 /windows/'. SSH run 'sudo cp /windows/Windows/NTDS/ntds.dit /home/ec2-user'. SSH run 'sudo cp /w
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A unified extended detection and response (XDR) platform that provides comprehensive visibility and protection across hybrid IT environments through integrated prevention, detection, and response capabilities.
S3Scanner scans for misconfigured S3 buckets across S3-compatible APIs, identifying potential security vulnerabilities and data exposure risks.
Lists AWS resources using the AWS Cloud Control API and writes them to a JSON output file.
AI-Powered Cloud Assistant for building, securing, and operating cloud environments.
Stay up-to-date on the latest trends and developments in AWS Cloud Security with this weekly digest newsletter.
A comprehensive cloud security platform that provides threat prevention, posture management, and risk prioritization across cloud applications, networks, and workloads.
Nuvola is a tool for security analysis on AWS environments with a focus on creating a digital twin of cloud platforms.
An AI-powered Cloud Native Application Protection Platform (CNAPP) that provides unified cloud security with attack surface management for small and medium businesses.
Detect off-instance key usage in AWS by analyzing CloudTrail files locally.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.