We’ve been releasing a series of videos from Chief Strategy Officer Brian Contos highlighting how Sevco’s 4D Asset Intelligence platform works and how organizations can use it to better understand their IT environment. We call these videos Sevco Security Shorts.
Now we’re posting the transcripts of this series for those who would prefer to read the content.
Hey everybody. Today we’re going to talk about cloud integration with Sevco, and whether it’s really necessary. So, when you think about Sevco, you think about integration with different types of devices, software, identities, vulnerabilities, doing correlation and analytics on that data. But you should also think about it in terms of sources: on-prem, in a data center in a remote location, and then, as we’re talking about today, in the cloud. Now, the way that Sevco is organized, everything is done through APIs. So, you can have API integrations through some of these on-prem solutions or some of these cloud-based solutions as well. In fact, most of the integrations that we do are with cloud-native platforms because we are in fact a cloud-native platform. So, just looking at some of these categories, you can see that there’s a ton of integration types, and we can kind of scroll down and see all the various types and flavors right here.
But let’s just look at the cloud sources, Amazon, Google, Microsoft, VMware’s vSphere. There’s a lot of places where you can get interesting data, but is it really necessary? Are there really threats within the cloud?
Let’s do a little hacking example here. This is Gitea, which is a lot like GitHub. We’re just going to do a simple exploit, and on the right, I’m just logging into the system with a traditional user account. So, nothing really fancy, and it’s designed to do this. They want you to create an account, it’s a publicly accessible system, and this might be some application that you have running in your cloud. Well, on the left I’ve got Metasploit. I’m going to use the Metasploit console to try to compromise this cloud-based asset. And hopefully this is something I’m monitoring. I know about it within Sevco. I know the version that it’s on, etc., etc.
So, very quickly, I’m just selecting my attack within Metasploit. I’m setting the remote host, which is of course the one on the right, that’s the Gitea, and setting a username and password, which happens to be my public username and public password that I had just set before. Check to see if it’s vulnerable. Yeah, 1.16.0 is vulnerable. So, now I’m going to go through Metasploit and I’m going to set up some parameters for my local host to run this attack. And I’m also going to set my variable for my URI host. Now I’m going to simply do this attack. So, here’s some info about the details, just if you want to look at it, but exploit successful. That’s it. It was that simple.
So, now that we’ve got a reverse TCP channel with this device, we can do a few things. We see my user ID is `git`. Okay, here’s some of the network information. We can pull that up. Now let’s initiate the shell. With the shell I can do any number of things that you’re used to. What’s the host name? Who am I? I’m `git`. Again, we confirmed that before. I can go to the root directory, which is my present working directory. Do a quick listing to see what’s in there. And now we can also log into the Postgres database. This gets really interesting. Now we can certainly do some interesting things like look at the installation files, etc. But I’m just going to log in with Gitea, and now we can actually view and modify tables if we want. And I can look at the email hashes, and then I can grab those hashes and, if I wanted to, later on brute-force them. So, we’ve completely compromised this Gitea server.
So, at the end of the day, is it important to have visibility into your cloud assets? Absolutely.
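As an added illustration of the visibility point above (example code written for this post, not Sevco’s own code or API), the script below joins a cloud instance listing with a software inventory and surfaces internet-reachable hosts running the Gitea version the demo’s vulnerability check flagged. Both feeds are constructed sample data in assumed shapes, and the watch list deliberately contains only the version the transcript names, 1.16.0.

```python
"""Correlate a cloud inventory with a software inventory to find
internet-reachable hosts running a version shown to be exploitable."""

# Constructed sample: what a cloud-provider instance listing might contain.
CLOUD_INVENTORY = [
    {"id": "i-0aa1", "hostname": "gitea-prod", "public_ip": "203.0.113.10"},
    {"id": "i-0bb2", "hostname": "gitea-dev", "public_ip": None},
    {"id": "i-0cc3", "hostname": "web-01", "public_ip": "203.0.113.11"},
]

# Constructed sample: what a software-inventory agent or scanner might report.
SOFTWARE_INVENTORY = [
    {"hostname": "gitea-prod", "product": "gitea", "version": "1.16.0"},
    {"hostname": "gitea-dev", "product": "gitea", "version": "1.16.0"},
    {"hostname": "web-01", "product": "nginx", "version": "1.22.1"},
    {"hostname": "build-07", "product": "gitea", "version": "1.16.0"},
]

# Assumption: only the version the demo's check flagged (1.16.0) is listed;
# a real deployment would populate this from vendor advisories.
KNOWN_VULNERABLE = {"gitea": {"1.16.0"}}


def is_known_vulnerable(product, version):
    """True when the product/version pair appears in the watch list."""
    return version in KNOWN_VULNERABLE.get(product.lower(), set())


def correlate(cloud, software):
    """Join the two feeds on hostname and bucket the results:
    exposed_vulnerable  - public IP and a watched version
    internal_vulnerable - watched version, no public IP
    unmatched           - software seen on a host the cloud source lacks
    """
    cloud_by_host = {rec["hostname"]: rec for rec in cloud}
    result = {"exposed_vulnerable": [], "internal_vulnerable": [], "unmatched": []}
    for sw in software:
        host = cloud_by_host.get(sw["hostname"])
        if host is None:
            result["unmatched"].append(sw["hostname"])  # inventory gap, not a clean bill
            continue
        if not is_known_vulnerable(sw["product"], sw["version"]):
            continue
        bucket = "exposed_vulnerable" if host["public_ip"] else "internal_vulnerable"
        result[bucket].append({"hostname": sw["hostname"], "instance": host["id"],
                               "product": sw["product"], "version": sw["version"],
                               "public_ip": host["public_ip"]})
    return result
```

The `unmatched` bucket matters as much as the flagged hosts: a server one source knows about and another does not is exactly the asset that gets exploited unnoticed.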
Interested in seeing how Sevco can give you this kind of visibility in your own IT environment? Click here to schedule a personalized 1:1 demo with our team.