search

undergroundwires / CEH-in-bullet-points

💻 Certified ethical hacker summary in bullet points
https://cloudarchitecture.io/hacking
Creative Commons Attribution 4.0 International
995 stars 287 forks source link

Cloud attacks addition: Cloud Hopper and Cloudborne #11

Closed EnjoyTheJoke closed 2 years ago

EnjoyTheJoke commented 3 years ago

In Cloud attacks I would add a couple more that are included in official course-ware (v11) and show in exam prep questions:

Cloud Attacks: Cloud Hopper Attack Cloud Hopper attacks are triggered at the managed service providers (MSPs) and their users Attackers initiate spear-phishing emails with custom-made malware to compromise the accounts of staff or cloud service firms to obtain confidential information

Cloud Attacks: Cloudborne Attack Cloudborne is a vulnerability residing in a bare-metal cloud server that enables the attackers to implant a malicious backdoor in its firmware. The malicious backdoor can allow the attackers to bypass the security mechanisms and perform various activities such as watching new user’s activity or behavior, disabling the application or server, and intercepting or stealing the data. Vulnerabilities in the bare-metal cloud server and inappropriate firmware re-flashing can pave the way for attackers to install and maintain backdoor persistence.

undergroundwires commented 3 years ago

Thank you for the advice, also thank you for writing content @EnjoyTheJoke I added descriptions for Cloud Hopper, Cloudborne Man-In-The-Cloud (MITC) and cloud cryptojacking attacks/threats.