PenTestIT RSS Feed
Iām sure you must have read my previous post title the List of Adversary Emulation Tools. In that post, I briefly mentioned about the Guardicore Infection Monkey. Good news now is that it has been updated! We now have Infection Monkey 1.6.1. An important change about this version is that this is an AWS only version.
[](< http://pentestit.com/update-infection-monkey-1-6-1/>)
What is Infection Monkey?
> The Infection Monkey is an open source Breach and Attack Simulation (BAS) tool that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement. It operates in much the same way a real attacker would - starting from a random location in the network and propagating from there, while looking for all possible paths of exploitation.
Infection Monkey 1.6.1 has now been integrated with the AWS Security Hub. This allows anyone to verify and test the resilience of their AWS environment and correlate this information with the native security solutions and benchmark score!
Additionally, I missed posting about another release - Infection Monkey 1.6 which is also important. Hence, Iām posting about it here:
New Features:
Code improvements:
In other words, the Monkey can now detect potential attack paths between computers within the same domain or workgroup using credentials reuse, pass-the-hash technique and cached logins. In addition to the already existing attacks, Infection Monkey 1.6.1 now includes support for the Struts2 Multipart file upload vulnerability (CVE-2017-5638), Oracle WebLogic Server WLS Security component vulnerability (CVE-2017-10271), Elasticsearch Groovy attack (CVE 2015-1427) & the Hadoop YARN Resource Manager remote code execution vulnerability.
Lotās of exciting stuff from the guys at Guardicore Labs. Really good work!
The following Infection Monkey 1.6.1 files are available for download:
Get them here.
The post UPDATE: Infection Monkey 1.6.1 appeared first on PenTestIT.