NaorPenso
commented
1 year ago Hi @6mile, Thanks for the participation! I believe you are referring to 2 different techniques? one for reconnaissance and another one for execution? I agree that we need to another another technique for the execution portion (unless we bind it to "installation script"); I am looking to get further insights into the value of deployment scrips as a part of the reconnaissance stage as if it exposes data it may be attributed to discovery activities.
Should we add a new reconnaissance technique along the lines of "look for signs of localized deployment"? The idea here is that attackers are actively looking for evidence that there is an "out of band" deployment script or process that they can hijack to get malicious code into the target app. The most common way I've seen this happen is via a package.json file with embedded deployment commands or calling a malicious script.