CCAT – The Cloud Container Attack Tool

CCAT, the Cloud Container Attack Tool, is a tool that allows security testers to better understand the security implications of container-based services, especially given containers' increasing popularity and the lack of offensive tools in the space. The tool can perform container attacks in AWS and push a compromised image.

Below is an example scenario to demonstrate the usage of CCAT:

Starting with compromised AWS credentials, the attacker enumerates and explores ECR repositories. The attacker then finds that the target uses an NGINX Docker image and pulls that image from ECR. Next, the attacker creates a reverse shell backdoor in the target Docker image. Finally, the attacker pushes the backdoored Docker image to ECR.

The image may also include cryptocurrency-mining malware, as in the attack on Tesla's Kubernetes console, which was not protected by a password.
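
From the defender's side, the enumerate, pull and push sequence in the scenario above leaves ECR API calls in CloudTrail. The following added example (not part of CCAT or the original post) correlates those calls per access key; the sample records, key IDs and the 24-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

ENUM_CALLS = {"DescribeRepositories", "ListImages"}
WINDOW = timedelta(hours=24)  # assumed correlation window

def ev(time, name, key, repo=None):
    """Build a minimal constructed CloudTrail-style record (not a real log)."""
    params = {"repositoryName": repo} if repo else None
    return {"eventTime": time, "eventSource": "ecr.amazonaws.com", "eventName": name,
            "userIdentity": {"accessKeyId": key}, "requestParameters": params}

# Constructed sample: one key walks the whole chain, a CI key only pushes.
SAMPLE = [
    ev("2020-01-01T10:00:00Z", "DescribeRepositories", "AKIAEXAMPLEKEY1"),
    ev("2020-01-01T10:02:00Z", "BatchGetImage", "AKIAEXAMPLEKEY1", "nginx"),
    ev("2020-01-01T10:05:00Z", "PutImage", "AKIAEXAMPLECIKEY", "app"),
    ev("2020-01-01T10:30:00Z", "PutImage", "AKIAEXAMPLEKEY1", "nginx"),
]

def find_tamper_chains(events, window=WINDOW):
    """Return PutImage events preceded by enumeration and a pull of the same
    repository from the same access key, all inside `window`."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    state, hits = {}, []
    for e in sorted(events, key=lambda r: r["eventTime"]):
        if e.get("eventSource") != "ecr.amazonaws.com":
            continue
        key = e.get("userIdentity", {}).get("accessKeyId", "unknown")
        repo = (e.get("requestParameters") or {}).get("repositoryName")
        when = datetime.strptime(e["eventTime"], fmt)
        seen = state.setdefault(key, {"enum": None, "pulled": set()})
        if e["eventName"] in ENUM_CALLS:
            seen["enum"] = seen["enum"] or when  # keep the first enumeration time
        elif e["eventName"] == "BatchGetImage" and seen["enum"]:
            seen["pulled"].add(repo)
        elif e["eventName"] == "PutImage" and repo in seen["pulled"]:
            if when - seen["enum"] <= window:
                hits.append({"accessKeyId": key, "repository": repo,
                             "first_enum": seen["enum"].strftime(fmt),
                             "push": e["eventTime"]})
    return hits

if __name__ == "__main__":
    for hit in find_tamper_chains(SAMPLE):
        print(hit)
```

Build pipelines that pull and re-push their own images will also match, so treat a hit as a triage signal and compare the access key against the principals expected to publish to that repository.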

It is recommended to use the provided Docker image to run CCAT, so that you do not run into difficulties with the required dependencies on your own system.

You can read more and download this tool over here: https://github.com/RhinoSecurityLabs/ccat
