Open source utility for attacking EC2 instances showcased at Black Hat Europe

Barq, a post-exploitation framework that allows penetration testers and red teamers to easily perform attacks on running AWS infrastructure, was showcased during the Arsenal sessions at Black Hat Europe today (December 5).

Developed by security engineer Mohammed Aldoub (@Voulnet), Barq allows assailants to attack running EC2 (Elastic Compute Cloud) instances without having the original instance SSH keypairs.

The utility also allows an attacker to perform the enumeration and extraction of stored secrets and parameters in AWS.

In addition, Barq provides the ability to launch Metasploit and Empire payloads against EC2 instances, and also features a training mode for testing attacks without impacting running production environments.

Read more cloud security news from The Daily Swig

Speaking to The Daily Swig via email ahead of his presentation, Aldoub said the Barq project has been well received by security pros since its launch earlier this year.

“I received great feedback from the community in general, and it got a much better reception than I thought,” he said.

“Even though I’m not in the market for jobs, I received various job offers because of it, so my advice for my peers is: Create something, create value, put yourself on the map, and make things.”

He added: “I’m not proud of all the code quality and decisions inside barq, but barq exists and works, and that’s what counts. Never shy away from producing something, and never be a perfectionist.”

Looking ahead, Aldoub says he has numerous developments in the pipeline for the post-exploitation framework.

“I have plans for more attack vectors against more AWS services, and I’m planning to create some sort of a plugin system, as well as support for other cloud providers,” he said.

YOU MIGHT ALSO LIKE CCAT: Open source tool helps test security of cloud containers