CloudCopy Logo

CloudCopy

0
Free
Visit Website

This tool implements a cloud version of the Shadow Copy attack against domain controllers running in AWS. Any AWS user possessing the EC2:CreateSnapshot permission can steal the hashes of all domain users by creating a snapshot of the Domain Controller mounting it to an instance they control and exporting the NTDS.dit and SYSTEM registry hive file for use with Impacket's secretsdump project. Demos CloudCopy in Profile mode running against an AWS Domain Controller with an unencrypted Volume. CloudCopy in Manual mode running against an AWS Domain Controller with an encrypted Volume. Detailed CloudCopy Algorithm: Load AWS CLI with Victim Credentials that have at least CreateSnapshot permissions. Run 'Describe-Instances' and show in list for attacker to select. Run 'Create-Snapshot' on volume of selected instance. Run 'modify-snapshot-attribute' on new snapshot to set 'createVolumePermission' to attacker AWS Account. Load AWS CLI with Attacker Credentials. Run 'run-instance' command to create new Linux EC2 with our stolen snapshot. SSH run 'sudo mkdir /windows'. SSH run 'sudo mount /dev/xvdf1 /windows/'. SSH run 'sudo cp /windows/Windows/NTDS/ntds.dit /home/ec2-user'. SSH run 'sudo cp /w

FEATURES

ALTERNATIVES

A security tool that monitors AWS objects for ownership attribution, detects domain hijacking, and verifies security services.

A framework to analyze container images and gather useful information.

Open-source policy-as-code software for multi-cloud and SaaS environments with GPT model conversations and custom analysis policies.

ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.

An open-source framework for testing and validating the security of AWS services and resources.

Docker security audit tool with custom audit profiles and JSON report generation based on CIS Docker 1.6 Benchmark.

Weave Scope automatically generates a map of your application for troubleshooting and monitoring Docker & Kubernetes.

A cloud native application protection platform that provides unified visibility, risk assessment, and remediation capabilities across multi-cloud and hybrid environments.

Commercial