How To Hack Like a Ghost
Breaching the Cloud
by Sparc Flow
San Francisco
HOW TO HACK LIKE A GHOST. Copyright 2021 by Sparc Flow.
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.
ISBN-13: 978-1-7185-0126-3 (print)
ISBN-13: 978-1-7185-0127-0 (ebook)
Publisher: William Pollock
Executive Editor: Barbara Yien
Production Editor: Katrina Taylor
Developmental Editor: Liz Chadwick
Cover Design: Rick Reese
Interior Design: Octopod Studios
Technical Reviewer: Matt Burrough
Copyeditor: Barton D. Reed
Compositor: Jeff Lytle, Happenstance Type-O-Rama
Proofreader: Rachel Head
The following images are reproduced with permission:
Figure 1-1 Tor symbol is courtesy of The Tor Project, Inc., CC BY 3.0 US (https://creativecommons.org/licenses/by/3.0/us/deed.en), via Wikimedia Commons. Figure 6-7 Amazon S3 symbol was altered from the image created by Adrian.moloca, CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0), via Wikimedia Commons. Figures 1-1, 1-2, 3-1, 3-2, and 6-7 server icon is courtesy of Vecteezy.com. Figures 1-1, 1-2, and 3-1 target icon is courtesy of Vecteezy.com. Figure 3-2 cloud computing icon is courtesy of Vecteezy.com. Figure 6-7 survey app icon is courtesy of Vecteezy.com. Figures 7-1 and 7-2 box icons are courtesy of Vecteezy.com.
For information on book distributors or translations, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 1-415-863-9900; info@nostarch.com
www.nostarch.com
Library of Congress Cataloging-in-Publication Data
Names: Flow, Sparc, author.
Title: How to hack like a ghost: breaching the cloud / Sparc Flow.
Identifiers: LCCN 2020052503 (print) | LCCN 2020052504 (ebook) | ISBN
9781718501263 (paperback) | ISBN 1718501269 (paperback) | ISBN
9781718501270 (ebook)
Subjects: LCSH: Computer networks--Security measures. | Hacking. | Cloud
computing--Security measures. | Penetration testing (Computer networks)
Classification: LCC TK5105.59 .F624 2021 (print) | LCC TK5105.59 (ebook)
| DDC 005.8/7--dc23
LC record available at https://lccn.loc.gov/2020052503
LC ebook record available at https://lccn.loc.gov/2020052504
No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
The information in this book is distributed on an "As Is" basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.
To my lovely wife, Nastya
About the Author
Sparc Flow is a computer security expert specializing in ethical hacking. He has presented his research at international security conferences like Black Hat, DEF CON, Hack In The Box, and more. While his day job mainly consists of hacking companies and showing them how to fix their security vulnerabilities, his passion remains writing and sharing security tools and techniques. His other titles include:
- How to Hack Like a Pornstar
- How to Hack Like a GOD
- How to Investigate Like a Rockstar
- How to Hack Like a Legend
About the Tech Reviewer
Matt Burrough is a senior penetration tester on a corporate red team, where he assesses the security of cloud computing services and internal systems. He is also the author of Pentesting Azure Applications (No Starch Press, 2018). Matt holds a bachelor's degree in networking, security, and system administration from Rochester Institute of Technology and a master's degree in computer science from the University of Illinois at Urbana-Champaign.
Acknowledgments
I would like to express my most sincere thanks to the following:
- First and foremost, to Liz Chadwick for her razor-sharp skills and sterling adjustments that helped convey the obscure and sometimes complex messages inside these pages.
- To Matt Burrough for diligently and expertly reviewing code, command lines, and anything in between.
- To the many people at No Starch Press that worked on this book, from design to copyediting, including Katrina Taylor and Bart Reed. And, of course, to Bill and Barbara for that first meeting that spawned this whole adventure.
- To my wife for continuously inspiring me in more ways than one, but most of all for supporting the untimely writing fevers as well as the many frustrated nights it took to put this book together.
- To my brother and sister for the conversations that fuel my learning appetite. One such conversation led to my first hacking book eight months later.
Finally, I would like to express my gratitude, love, and admiration for my parents for teaching me to always be curious and aspire for the best.
Introduction
The security industry is tricky. I maintain a love/hate relationship with this field, due in no small part to its fickle and fleeting nature. You can spend months or years honing your skills in a particular area of security (say, privilege escalation and lateral movement using PowerShell) only to feel completely useless when you find yourself in a full Linux or macOS environment.
By the time you learn how to dump macOS keychain secrets and defeat Gatekeeper, the new Windows 10 build is out with novel detection measures, rendering every PowerShell attack almost useless. You drag yourself back to the drawing board: blog hunting, conference binging, and researching to upgrade your tools and devise new exploitation pathways.
Soberly considered, this rat race may seem like utter madness.
You can, of course, always console your ego by diving into the network of a Fortune 500 company that regards Windows XP/2003 as a precious, endangered species to be preserved at all costs, but the tide is catching up to you. You know in your heart that you have to move on to brighter shores.
At the end of the day, that's what hacking is all about. The frustration of having to throw away a favorite trick can only be matched by the exhilaration of mastering a shiny new technique.
We loosely define hacking as an ensemble of tricks and tips designed to achieve unexpected results from a system or a process. Yet, these tricks have an ever-accelerating expiry date. Your aim as a security professional or enthusiast is to seek out and gather as many useful tricks as you can. You never know which spear will stop the bulls charging ahead.