byo-asm-recon

Workshop that shows how to build your own ASM recon on external and cloud assets. Presented at HackGDL 2024 by @heryxpc

Instructions

You can use any domain or AWS account on which you are authorized to perform reconnaissance. I used CloudGoat as it worked smoothly to spin up AWS resources with interesting characteristics (e.g. overly permissive AWS roles/policies), especially when setting the whitelist.txt to 0.0.0.0/0.

⚠️ CloudGoat is a vulnerable-by-design project, and spinning it up in a production environment puts the AWS account where it's hosted at risk ⚠️

Demos

Each demo can be executed independently and has its own requirements. You can check the details for each at:

References

Tools

Related Conference talks

Cloud Assets

Acknowledge

Big kudos to @spangenberg and @achantavy for all the help given to prepare this demo 🙌