What Are Common Tools Used for Cybersecurity Pentesting and Audits?
DISCLAIMER: The information below is intended only for Ethical hackers conducting operations for lawful purposes, training, or education and should not be used for any illegal purposes!
Implementing cloud technologies is not as simple as standing up a container, EC2 instance or Kubernetes deployment. You also have to keep in mind that the environment has to be secured. If you do not scan and check your own environment, you will eventually deal with a cybersecurity attack, malware, virus or ransomware event because, basically, you were being arrogant and foolish. Granted, there are also times when people simply do not know any better.
Common Security Baselines for the US are as follows:
DISA STIGS: https://public.cyber.mil/stigs/srg-stig-tools/
CIS BENCHMARKS: https://www.cisecurity.org/cis-benchmarks
SPRINTO (compliance automation; not a baseline itself, but a tool for tracking compliance against one): https://sprinto.com/
These benchmarks set a bare-minimum recommended security configuration for servers, containers and application/web servers (e.g. Node.js, IIS, etc.). CIS Benchmarks are the most widely used. DISA STIGs can be very challenging to deal with, and the STIG Viewer can be complicated. The US Federal Government and DoD generally use DISA STIGs, so if you want government-level hardening on an OS, database or application/web server, that is the standard to use. Both publish their checks in machine-readable form (CIS-CAT for the CIS Benchmarks; SCAP content for many STIGs, which OpenSCAP can evaluate), so the audit itself can be scripted rather than worked through by hand.
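As an added illustration of what a benchmark audit actually does, here is a small POSIX-shell checker that evaluates an sshd_config against a handful of CIS/STIG-style expected values. This is not code from the original page, nor CIS-CAT, STIG Viewer or any benchmark's own audit script; the keyword list and expected values are assumptions in the spirit of those benchmarks (the real benchmark for your OS version is the authority), and the two sample config files are constructed inline so it runs offline:

```shell
#!/bin/sh
# Added example: mini sshd_config baseline checker (not from the original page,
# not CIS-CAT/STIG Viewer). Expected values below are assumed, CIS/STIG-style.

# Print the effective value of KEYWORD ($2) in sshd_config FILE ($1).
# sshd honours the FIRST non-comment occurrence of a keyword, so we do too.
# Only the whitespace-separated "Keyword value" form is handled.
ssh_setting() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Baseline items: keyword, then an ERE the value must fully match (assumed values).
SSHD_BASELINE='
PermitRootLogin no
PermitEmptyPasswords no
HostbasedAuthentication no
IgnoreRhosts yes
X11Forwarding no
MaxAuthTries [1-4]
LogLevel INFO|VERBOSE
'

# Print one PASS/FAIL line per baseline item for FILE ($1).
# An unset keyword is reported as FAIL so that it is noticed during the audit.
check_sshd_baseline() {
    printf '%s\n' "$SSHD_BASELINE" | while read -r key expect; do
        [ -n "$key" ] || continue
        val=$(ssh_setting "$1" "$key")
        if printf '%s\n' "$val" | grep -qiE "^($expect)$"; then
            printf 'PASS %-24s %s\n' "$key" "$val"
        else
            printf 'FAIL %-24s %s (expected %s)\n' "$key" "${val:-<unset>}" "$expect"
        fi
    done
}

# Number of failing items for FILE ($1); 0 means the file meets this mini-baseline.
count_sshd_failures() {
    check_sshd_baseline "$1" | grep -c '^FAIL' || true
}

# Constructed sample configs (not from any real host) so the script runs offline.
tmpdir=$(mktemp -d)
HARDENED_CONF="$tmpdir/hardened.conf"
WEAK_CONF="$tmpdir/weak.conf"
cat > "$HARDENED_CONF" <<'EOF'
# hardened example: every baseline keyword set explicitly
Protocol 2
LogLevel VERBOSE
PermitRootLogin no
MaxAuthTries 4
IgnoreRhosts yes
HostbasedAuthentication no
PermitEmptyPasswords no
X11Forwarding no
EOF
cat > "$WEAK_CONF" <<'EOF'
# weak example: two keywords left unset, and a "fix" appended at the end
# that sshd ignores because the first occurrence of PermitRootLogin wins
PermitRootLogin yes
LogLevel INFO
MaxAuthTries 6
IgnoreRhosts yes
X11Forwarding yes
PermitRootLogin no
EOF

echo "== hardened.conf =="; check_sshd_baseline "$HARDENED_CONF"
echo "== weak.conf ==";     check_sshd_baseline "$WEAK_CONF"
echo "weak.conf failures: $(count_sshd_failures "$WEAK_CONF")"
```

On a live host, the CIS audit procedure reads the effective configuration with `sshd -T` rather than parsing the file, which also accounts for compiled-in defaults and Match blocks; this file-only checker deliberately flags unset keywords so you go and look. It also mirrors sshd's first-match rule: a hardened value appended to the end of the file does nothing if the weak one appears earlier, a trap that is easy to miss when eyeballing a config.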
BurpSuite: https://portswigger.net/burp
Droopescan: https://github.com/SamJoan/droopescan
PACU (AWS): https://github.com/RhinoSecurityLabs/pacu
CloudMapper (AWS): https://github.com/duo-labs/cloudmapper
Scout Suite (Multi-Cloud): https://github.com/nccgroup/ScoutSuite
Shodan: https://www.shodan.io/
Censys (Limited Free Tier): https://censys.com/search-pricing/
CentralOps (Domain Dossier/AnalyzePath): https://centralops.net/co/
Tenable Nessus is used in enterprises but is too expensive for this purpose. Not free, apart from the limited Nessus Essentials tier.
The operating system you choose actually matters. I will always advocate using Linux for these operations over Windows, for speed, accuracy and flexibility. You have to download and configure too much crap on Windows to make it work properly for scans. Here are the operating systems that will make life easier, so that you can do your work and then write your report.
Beginners:
ParrotOS: https://www.parrotsec.org/
Kali Linux: https://www.kali.org/
Experienced and Want Customization:
BlackArch: https://www.blackarch.org
Web Testing Framework (Do NOT Install on a Production Environment):
https://github.com/SamuraiWTF/samuraiwtf
These images can run in VirtualBox, VMware Workstation or, if you're super cheap, QEMU (I personally do not like QEMU because the virt-manager UI is just ugly), but if you want to do it; hey, it's on you.
Oracle VirtualBox: https://www.virtualbox.org/wiki/Downloads
Proxmox VE: https://www.proxmox.com/en/proxmox-virtual-environment/overview (ProTip: if you want to turn an Intel NUC into a VM host, don't buy anything under an Intel i5 and 16GB of RAM)
VMware (Linux): https://www.vmware.com/go/getworkstation-linux
VirtManager (GUI for QEMU): https://virt-manager.org/
When you're done with all of the fancy stuff and having fun, you have to type up a report of everything. Well, you do not need Microsoft Office! OnlyOffice is not only supported on Linux, but it has collaboration features like Google Docs that can be used offline and on your local machine. Google Docs is fine, but it's sometimes a pain to deal with when editing. Also, exporting to Microsoft Office formats from Google Docs often gets mangled. So, if you are 100% on Linux for your laptop OS, you can use OnlyOffice and you won't miss a thing. The UI is good as well.
OnlyOffice Desktop: https://www.onlyoffice.com/desktop.aspx (Docs, Spreadsheets, Presentations and PDF Forms Editor)
OnlyOffice Suite: https://www.onlyoffice.com/office-suite.aspx
Shea’s day-to-day Linux OS for daily work:
Ubuntu Linux (Most Recognized by 3rd Parties): https://ubuntu.com/
Rocky Linux: https://rockylinux.org/
Here is a list of “common” cybersecurity tools, grouped by the scenario in which they are used when scanning an environment or conducting an assessment, so that you have a reference list:
Network Scanning and Enumeration Tools:
Unicornscan: https://www.kali.org/tools/unicornscan/
Angry IP Scanner: https://angryip.org/download/#linux
DNSRecon: https://www.kali.org/tools/dnsrecon/
DNSRecon (How-To): https://securitytrails.com/blog/dnsrecon-tool
Vulnerability Scanners:
OpenVAS: https://www.openvas.org/
Rapid7 Nexpose: https://www.rapid7.com/products/nexpose/
Acunetix (No Free Tier): https://www.acunetix.com/
Cisco Splunk (SIEM / log analytics, not a vulnerability scanner; useful for reviewing the logs an audit produces): https://www.splunk.com/en_us/download.html
Web Application Scanners:
OWASP ZAP (Zed Attack Proxy): https://www.zaproxy.org/
Arachni: https://github.com/Arachni/arachni
Password Cracking Tools:
John the Ripper: https://www.openwall.com/john/
Hashcat: https://hashcat.net/hashcat/
L0phtCrack: https://gitlab.com/l0phtcrack/l0phtcrack
Exploit Frameworks:
Rapid7 Metasploit: https://www.metasploit.com/
Core Impact: https://www.coresecurity.com/products/core-impact
Canvas: https://www.immunityinc.com/products/canvas/index.html
Wireless Penetration Testing Tools:
Aircrack-ng: https://github.com/aircrack-ng/aircrack-ng
Hak5 Wifi Pineapple: https://shop.hak5.org/products/wifi-pineapple
Social Engineering Tools:
Social Engineer Toolkit (SET): https://trustedsec.com/resources/tools/the-social-engineer-toolkit-set
Gophish (Open Source + Free): https://getgophish.com/
Maltego: https://www.maltego.com/
Post-Exploitation Tools:
Mimikatz: https://github.com/gentilkiwi/mimikatz
PowerSploit: https://www.kali.org/tools/powersploit/
Meterpreter: https://www.offsec.com/metasploit-unleashed/about-meterpreter/
Reporting and Documentation Tools:
Dradis Community Edition: https://dradis.com/ce/
Faraday: https://faradaysec.com/ (Open Source Options)
MagicTree: https://www.gremwell.com/what_is_magictree
Sandcat (Syhunt's pentest-oriented web browser, not a reporting tool): https://github.com/syhunt/sandcat
Miscellaneous Tools:
Wireshark: https://www.wireshark.org/download.html
SQLmap (SQL Injection Testing): https://sqlmap.org/
Hydra (Brute-forcing Tool): https://www.kali.org/tools/hydra/
Nikto (Web Server Scanner): https://github.com/sullo/nikto
Use at your own risk…;-)