RhinoSecurityLabs / cloudgoat

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
BSD 3-Clause "New" or "Revised" License

Scenario | ecs_privesc_evade_protection #233

Open West-wise opened 1 year ago

West-wise commented 1 year ago

Add a new scenario which abuses an ECS & reverse shell to escalate privileges.

3iuy-prog commented 1 year ago

We have addressed all the requirements. Please let us know if there are any other requests or suggestions. :)

3iuy-prog commented 1 year ago

Terraform version >= 2.0 was definitely a misnomer. According to HashiCorp, the latest version of Terraform is 1.6.3. The version has been modified accordingly.

And I added vpc.tf reflecting the feedback. => https://discord.com/channels/969671994599669760/1168866493451214859/1170108321819275334

andrew-aiken commented 1 year ago

The following data sources are now unused

I would also recommend adding a required version for the archive & time providers

andrew-aiken commented 1 year ago

Have the scenario create the CloudWatch group that the Lambda will write to. Then, when the scenario is destroyed, it is also cleaned up.

3iuy-prog commented 1 year ago

I was thinking about adding an easy path and decided to create a separate secret-string file for each path. S3 is now accessible with web credentials, and users can also see both secret files. However, users can only read the contents of the easy-path file. Users must do ECS Privesc to read the Hard Path file.

3iuy-prog commented 11 months ago

All changes are submitted. :)

andrew-aiken commented 11 months ago

941aa8206d81ae86f87bd7c030362c7259e0ec75

The change to the platform is still building as arm; the ECS tasks then fail.

I think the only thing needed to be added is the platform tag to force it to be amd64:

docker_build_cmd = f"docker build --platform=linux/amd64 -t {repository_uri}:{image_tag} {path}"

Everything else looks great 🙌