Services like Amazon’s S3 have made it easier and cheaper than ever to store large quantities of data in the cloud. Used properly, S3 buckets are a useful tool, however a lot of companies fail to implement basic security resulting in catastrophic data breaches.
Some days ago, during a chat with a friend who works in a small software development company, the webshells topic has come up. During the migration of a production system, my friend found some suspicious .php files, which turned out to be China Chopper webshells.
The problem is always the same: every data that is stored into volatile memory can be extracted with the correct tools/techniques.
Nmap is the most known port scanner, written and maintained by Gordon Lyon (Fyodor). It can be used for network discovery and for most security enumeration during the initial stages of penetration testing.
Network printers use a various amount of protocols and firmwares which differ from vendor to vendor and model to model. Obviously, every firmware (and protocol) could be vulnerable and exploitable but, a printer could be an attack vector?
Since 2014, the use of containers started making a big growth in IT, and especially in devops.