<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Fawazkh80</title>
    <description>The latest articles on DEV Community by Fawazkh80 (@fawazkh80).</description>
    <link>https://dev.to/fawazkh80</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1111522%2F0e0967c1-8b24-4b98-82d0-e1057231a89a.png</url>
      <title>DEV Community: Fawazkh80</title>
      <link>https://dev.to/fawazkh80</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/fawazkh80"/>
    <language>en</language>
    <item>
      <title>Demystifying AWS EC2 Network Interface Cards</title>
      <dc:creator>Fawazkh80</dc:creator>
      <pubDate>Mon, 18 Sep 2023 08:02:41 +0000</pubDate>
      <link>https://dev.to/fawazkh80/-demystifying-aws-ec2-network-interface-cards-28no</link>
      <guid>https://dev.to/fawazkh80/-demystifying-aws-ec2-network-interface-cards-28no</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;Amazon Web Services (AWS) offers a wide range of services to meet the diverse needs of its users. Amazon Elastic Compute Cloud (EC2) instances are a fundamental component of AWS, serving as virtual servers that can be customized to suit various workloads. When working with EC2 instances, it's crucial to understand the different types of Network Interface Cards (NICs) available, as they play a pivotal role in networking and communication within the AWS cloud environment. In this article, we'll explore the four primary networking options used with AWS EC2 instances: Elastic Network Interface (ENI), Elastic Network Adapter (ENA), Elastic Fabric Adapter (EFA), and the Elastic Network (EN).&lt;/p&gt;

&lt;h3&gt;
  
  
  1. Elastic Network Interface (ENI)
&lt;/h3&gt;

&lt;p&gt;Elastic Network Interfaces (ENIs) are fundamental to AWS networking. Each EC2 instance can have one or more ENIs attached to it. ENIs serve as virtual network cards, allowing instances to communicate with other AWS resources and the internet. They come with a set of attributes, such as a private IP address, a MAC address, and security group rules, which enable fine-grained control over network traffic.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key Features of ENI:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;ENIs are used for basic networking functionality within EC2 instances.&lt;/li&gt;
&lt;li&gt;They support both IPv4 and IPv6 addresses.&lt;/li&gt;
&lt;li&gt;ENIs can be moved between instances within the same Availability Zone (AZ).&lt;/li&gt;
&lt;li&gt;They are essential for creating High Availability (HA) architectures and multi-tier applications.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  2. Elastic Network Adapter (ENA)
&lt;/h3&gt;

&lt;p&gt;Elastic Network Adapters (ENAs) are hardware-accelerated NICs designed for enhanced network performance in AWS EC2 instances. ENAs are optimized for modern networking protocols and support features like jumbo frames and increased packets-per-second (PPS) performance. They are particularly beneficial for workloads that require high network throughput, such as big data processing and high-performance computing.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key Features of ENA:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;ENAs offer significantly improved network performance over standard ENIs.&lt;/li&gt;
&lt;li&gt;They support features like Enhanced Networking, which allows for higher PPS and lower latency.&lt;/li&gt;
&lt;li&gt;ENAs are required for specific instance types, and they are automatically enabled when using these instances.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  3. Elastic Fabric Adapter (EFA)
&lt;/h3&gt;

&lt;p&gt;Elastic Fabric Adapters (EFAs) are specialized NICs designed for high-performance computing (HPC) workloads, machine learning, and other demanding applications. EFAs provide low-latency, high-bandwidth communication between instances within a Placement Group, allowing for tight coupling and efficient data transfer.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key Features of EFA:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;EFAs deliver the lowest network latency and highest bandwidth performance among AWS NICs.&lt;/li&gt;
&lt;li&gt;They are specifically designed for HPC and ML workloads.&lt;/li&gt;
&lt;li&gt;EFAs require instances that support them and a Placement Group configuration for optimal performance.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  4. Elastic Network (EN)
&lt;/h3&gt;

&lt;p&gt;The Elastic Network (EN) is a virtual networking service introduced by AWS. It is not a traditional NIC like ENI, ENA, or EFA. Instead, EN is a managed, global network that connects VPCs and on-premises data centers. It provides advanced networking features such as Global Accelerator, Transit Gateway, and Direct Connect.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key Features of EN:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;EN enables global networking and connects multiple VPCs and on-premises environments.&lt;/li&gt;
&lt;li&gt;It offers features like low-latency global load balancing through Global Accelerator.&lt;/li&gt;
&lt;li&gt;EN simplifies the network architecture and improves connectivity across different regions.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Differences Between ENI, ENA, EFA, and EN:
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Use Cases:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;ENI: General-purpose networking within EC2 instances.&lt;/li&gt;
&lt;li&gt;ENA: Enhanced networking for improved performance in various workloads.&lt;/li&gt;
&lt;li&gt;EFA: High-performance networking for HPC and ML applications.&lt;/li&gt;
&lt;li&gt;EN: Global networking for connecting VPCs and on-premises environments.&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Performance:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;ENI: Basic networking performance.&lt;/li&gt;
&lt;li&gt;ENA: Enhanced performance with support for modern networking protocols.&lt;/li&gt;
&lt;li&gt;EFA: Highest performance with low-latency, high bandwidth.&lt;/li&gt;
&lt;li&gt;EN: Provides advanced networking features rather than direct instance networking.&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Instance Compatibility:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;ENI: Compatible with most EC2 instances.&lt;/li&gt;
&lt;li&gt;ENA: Requires specific ENA-enabled instance types.&lt;/li&gt;
&lt;li&gt;EFA: Requires specific EFA-enabled instance types and Placement Groups.&lt;/li&gt;
&lt;li&gt;EN: Not tied to specific instances, used for global networking.&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;em&gt;[reference: &lt;a href="https://varunmanik1.medium.com/aws-eni-vs-en-vs-efa-22250513590f"&gt;https://varunmanik1.medium.com/aws-eni-vs-en-vs-efa-22250513590f&lt;/a&gt; ]&lt;/em&gt; &lt;/p&gt;

</description>
    </item>
    <item>
      <title>Post-Exploitation Phase</title>
      <dc:creator>Fawazkh80</dc:creator>
      <pubDate>Sun, 10 Sep 2023 16:27:33 +0000</pubDate>
      <link>https://dev.to/fawazkh80/-post-exploitation-phase-ggg</link>
      <guid>https://dev.to/fawazkh80/-post-exploitation-phase-ggg</guid>
      <description>&lt;h2&gt;
  
  
  Overview
&lt;/h2&gt;

&lt;p&gt;While the initial stages of a penetration test focus on gaining access to a target system, the post-exploitation phase is equally critical. In this phase, ethical hackers shift their focus towards maintaining access, gathering sensitive information, and ensuring that their presence remains undetected.&lt;/p&gt;

&lt;h2&gt;
  
  
  Post-Exploitation Methods
&lt;/h2&gt;

&lt;p&gt;During the post-exploitation phase, ethical hackers employ various methods to achieve their objectives:&lt;/p&gt;

&lt;h3&gt;
  
  
  1. Privilege Escalation
&lt;/h3&gt;

&lt;p&gt;Privilege escalation is the process of gaining higher-level access or permissions on a compromised system. This often involves exploiting vulnerabilities in the operating system or applications to escalate from a low-privileged user to a privileged user or administrator.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Lateral Movement
&lt;/h3&gt;

&lt;p&gt;Lateral movement refers to moving from the initially compromised host to other systems within the same network, potentially compromising multiple systems. Ethical hackers use this method to explore and compromise additional systems and gather more data.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Data Exfiltration
&lt;/h3&gt;

&lt;p&gt;Data exfiltration involves stealing sensitive information from the compromised system. This can include customer data, intellectual property, or any valuable information that the organization wants to protect.&lt;/p&gt;

&lt;h3&gt;
  
  
  4. Persistence
&lt;/h3&gt;

&lt;p&gt;Maintaining access to a compromised system is crucial for ethical hackers. Persistence methods ensure that even if the initial breach is discovered and patched, they can still regain access.&lt;/p&gt;

&lt;h2&gt;
  
  
  Common Tools in Post-Exploitation
&lt;/h2&gt;

&lt;p&gt;To execute these post-exploitation methods effectively, ethical hackers rely on a range of specialized tools. Some commonly used tools include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Metasploit&lt;/strong&gt;: A versatile penetration testing framework that provides various modules and payloads for post-exploitation activities.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;PowerShell Empire&lt;/strong&gt;: A post-exploitation framework that leverages PowerShell to execute commands on compromised systems.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Cobalt Strike&lt;/strong&gt;: A popular tool for red teaming and penetration testing, offering features for post-exploitation, lateral movement, and persistence.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Mimikatz&lt;/strong&gt;: A powerful tool for extracting plaintext passwords, hashes, and Kerberos tickets from memory.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;em&gt;[Disclaimer: This article is for educational purposes only. Unauthorized penetration testing is illegal and unethical. Always obtain proper authorization before conducting any penetration testing activities.]&lt;/em&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
    </item>
    <item>
      <title>Exploitation phase</title>
      <dc:creator>Fawazkh80</dc:creator>
      <pubDate>Thu, 13 Jul 2023 22:37:13 +0000</pubDate>
      <link>https://dev.to/fawazkh80/exploitation-phase-in-pentesting-5cp9</link>
      <guid>https://dev.to/fawazkh80/exploitation-phase-in-pentesting-5cp9</guid>
      <description>&lt;h1&gt;
  
  
  Overview
&lt;/h1&gt;

&lt;p&gt;The exploitation phase is the stage in which the tester attempts to gain access to the system using the vulnerabilities identified in the previous phase. The exploitation phase is important because:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;It helps to determine the severity of the vulnerabilities identified in the previous phase.&lt;/li&gt;
&lt;li&gt;It helps to identify the impact of the vulnerabilities on the system.&lt;/li&gt;
&lt;li&gt;It helps to identify the level of access that an attacker can gain on the system.&lt;/li&gt;
&lt;li&gt;It helps to identify the countermeasures that can be taken to prevent the exploitation of vulnerabilities.&lt;/li&gt;
&lt;/ul&gt;

&lt;h1&gt;
  
  
  Famous Exploits
&lt;/h1&gt;

&lt;p&gt;There are several famous exploits that can be used in the exploitation phase, including:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;EternalBlue&lt;/strong&gt;: It is an exploit for a vulnerability in Microsoft's Server Message Block (SMB) protocol. It was used in the WannaCry ransomware attack in 2017.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Log4j&lt;/strong&gt;: It is a vulnerability in the Apache Logging Services Project's Log4j library that allows an attacker to execute arbitrary code.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;BlueKeep&lt;/strong&gt;: It is a vulnerability in Microsoft's Remote Desktop Protocol (RDP) that allows an attacker to execute arbitrary code.&lt;/li&gt;
&lt;/ul&gt;

&lt;h1&gt;
  
  
  Most Commonly Used Tools
&lt;/h1&gt;

&lt;p&gt;There are several tools that can be used in the exploitation phase. Some of the most commonly used tools, and how to use them, are:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Nmap&lt;/strong&gt;: It is a tool used for network exploration and security auditing. To use Nmap, the tester needs to provide the IP address of the target system. Nmap will then scan the system and identify the open ports and services. This information can be used to identify vulnerabilities.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Usage example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;nmap &amp;lt;target IP address&amp;gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Metasploit Framework&lt;/strong&gt;: It is an open-source tool that provides a framework for developing and executing exploits. To use Metasploit, the tester needs to select an exploit from the list of available exploits and configure it. Once the exploit is configured, the tester can execute it and gain access to the system.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Usage example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;use exploit/windows/smb/ms17_010_eternalblue
set RHOST &amp;lt;target IP address&amp;gt;
set PAYLOAD windows/x64/meterpreter/reverse_tcp
run
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;PsExec&lt;/strong&gt;: It is a tool used to execute commands on remote systems. To use PsExec, the tester needs to provide the username and password of a user with administrative privileges on the target system. The tester can then execute commands on the target system.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Usage example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;psexec \\target -u &amp;lt;username&amp;gt; -p &amp;lt;password&amp;gt; cmd
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h1&gt;
  
  
  Using Information Obtained in the Exploitation Phase
&lt;/h1&gt;

&lt;p&gt;Once the tester has gained access to the system and extracted sensitive information, the information obtained in the exploitation phase is used in the post-exploitation phase. The information obtained can be used to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Identify the security measures that need to be taken to prevent future attacks.&lt;/li&gt;
&lt;li&gt;Determine the extent of the damage caused by the attack.&lt;/li&gt;
&lt;li&gt;Identify the data that has been compromised.&lt;/li&gt;
&lt;li&gt;Gather additional information about the system for further exploitation.&lt;/li&gt;
&lt;/ul&gt;

&lt;h1&gt;
  
  
  Conclusion
&lt;/h1&gt;

&lt;p&gt;The exploitation phase is an important step in the penetration testing process. It helps to determine the severity of vulnerabilities, identify countermeasures, and gain access to the system. The most famous exploits and tools used in the exploitation phase were discussed, and examples of how to use them were provided. Finally, the information obtained in the exploitation phase is used in the post-exploitation phase to prevent future attacks and minimize the damage caused by the attack.&lt;/p&gt;

&lt;h2&gt;
  
  
  Disclaimer
&lt;/h2&gt;

&lt;p&gt;The information provided in this article is for educational purposes only. The tools and techniques discussed in this article should only be used on systems with prior written consent from the owner or authorized personnel. Any unauthorized use of these tools or techniques may result in legal consequences. The author of this article is not responsible for any damage or loss caused by the use of the information provided in this article. It is the responsibility of the reader to use this information ethically and responsibly.&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Vulnerability Scanning</title>
      <dc:creator>Fawazkh80</dc:creator>
      <pubDate>Sat, 01 Jul 2023 16:18:25 +0000</pubDate>
      <link>https://dev.to/fawazkh80/vulnerability-scanning-49i1</link>
      <guid>https://dev.to/fawazkh80/vulnerability-scanning-49i1</guid>
      <description>&lt;p&gt;Vulnerability scanning is a critical phase in the penetration testing process, where the primary goal is to identify potential vulnerabilities and weaknesses in the target system or application. The purpose of this phase is to determine the attack surface and assess the severity of the identified vulnerabilities to determine the best approach for exploitation. In this article, we will discuss vulnerability scanning and its importance in the penetration testing process, as well as the most commonly used tools.&lt;/p&gt;

&lt;h2&gt;
  
  
  What is Vulnerability Scanning and Why We Use It
&lt;/h2&gt;

&lt;p&gt;Vulnerability scanning is the process of identifying potential weaknesses and vulnerabilities in the target system or application. This phase involves using automated tools to scan the target system or application for known vulnerabilities and misconfigurations.&lt;/p&gt;

&lt;p&gt;The primary goal of vulnerability scanning is to identify potential vulnerabilities that could be exploited by attackers to gain unauthorized access to the target system or application. By identifying and addressing these vulnerabilities, organizations can reduce the risk of a successful attack and improve their overall security posture.&lt;/p&gt;

&lt;h2&gt;
  
  
  Most Commonly Used Tools
&lt;/h2&gt;

&lt;p&gt;There are several tools that can be used for vulnerability scanning, including:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Nessus&lt;/strong&gt;: Nessus is a popular vulnerability scanner that can be used to scan for known vulnerabilities in the target system or application. Nessus can be used for both network and web application scanning and includes a comprehensive database of known vulnerabilities.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Metasploit&lt;/strong&gt;: Metasploit is a penetration testing framework that includes a vulnerability scanner. The Metasploit vulnerability scanner can be used to scan for known vulnerabilities in the target system or application and includes a comprehensive database of known vulnerabilities.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Nmap&lt;/strong&gt;: Nmap is a network exploration and security auditing tool that can be used for vulnerability scanning. Nmap can be used to scan for open ports and services on the target system or application, which can be used to identify potential vulnerabilities.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Using Vulnerability Scanning in the Exploitation Phase
&lt;/h2&gt;

&lt;p&gt;The information gathered during the vulnerability scanning phase can be used in the next phase of the penetration testing process, which is exploitation. The vulnerabilities identified during the vulnerability scanning phase can be used to develop and execute an attack plan.&lt;/p&gt;

&lt;p&gt;For example, if a vulnerability is identified in a web application, an attacker could use this vulnerability to gain unauthorized access to the target system or application. The attacker could exploit the vulnerability by using a tool like Metasploit to develop and execute an attack plan.&lt;/p&gt;

</description>
      <category>web</category>
      <category>security</category>
      <category>cybersecurity</category>
      <category>pentesting</category>
    </item>
    <item>
      <title>Information Gathering</title>
      <dc:creator>Fawazkh80</dc:creator>
      <pubDate>Sat, 01 Jul 2023 15:46:36 +0000</pubDate>
      <link>https://dev.to/fawazkh80/information-gathering-in-penetration-testing-25ak</link>
      <guid>https://dev.to/fawazkh80/information-gathering-in-penetration-testing-25ak</guid>
      <description>&lt;h2&gt;
  
  
  Overview
&lt;/h2&gt;

&lt;p&gt;Information gathering is a critical phase of the penetration testing process, where the primary goal is to collect as much data as possible about the target system or application. The aim of this phase is to identify potential vulnerabilities and weaknesses that could be exploited by attackers to gain unauthorized access to a system or network. The information gathered can be used to create an attack plan and determine the best approach to exploit the identified vulnerabilities.&lt;/p&gt;

&lt;h2&gt;
  
  
  Types of Information Gathering
&lt;/h2&gt;

&lt;p&gt;There are two main types of information gathering in penetration testing:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Passive Information Gathering&lt;/strong&gt;: This involves collecting information about the target system or application without directly interacting with it. This type of gathering includes searching for publicly available information about the target, such as information on the company's website, social media profiles, or job postings. Passive information gathering can also include gathering information from third-party sources, such as public databases or online forums.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Active Information Gathering&lt;/strong&gt;: This involves actively probing the target system or application to gather information. This type of gathering includes techniques such as port scanning, banner grabbing, and fingerprinting, which involve sending requests to the target system and analyzing the responses. Active information gathering can also include exploiting known vulnerabilities to gain access to additional information about the target.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Tools Used in Information Gathering
&lt;/h2&gt;

&lt;p&gt;There are several tools that can be used in information gathering, including:&lt;/p&gt;



&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Nmap&lt;/strong&gt;: Nmap is a popular network exploration and security auditing tool that can be used for both passive and active information gathering. It is used to identify open ports, services, and operating systems running on a target system.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Shodan&lt;/strong&gt;: Shodan is a search engine that can be used for passive information gathering. It can be used to search for devices connected to the internet, such as webcams, routers, and servers.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;theHarvester&lt;/strong&gt;: theHarvester is a tool used for passive information gathering. It can be used to gather email addresses, subdomains, and other information about a target from various sources, such as search engines, social media, and public databases.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Sublist3r&lt;/strong&gt;: Sublist3r is a tool used for passive information gathering. It can be used to enumerate subdomains of a target domain from various sources, such as search engines and public databases.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Using Information in Next Phase (Vulnerability Scanning)
&lt;/h2&gt;

&lt;p&gt;The information gathered in the information gathering phase can be used in the next phase of the penetration testing process, which is vulnerability scanning. The information can be used to identify potential vulnerabilities and weaknesses in the target system or application. For example, the information gathered from Nmap can be used to identify open ports and services running on the target system, which can be used to determine the attack surface. The information gathered from other tools such as theHarvester and Sublist3r can be used to identify potential targets for further testing.&lt;/p&gt;

</description>
      <category>web</category>
      <category>security</category>
      <category>pentest</category>
      <category>cybersecurity</category>
    </item>
    <item>
      <title>Overview of Pentesting Phases</title>
      <dc:creator>Fawazkh80</dc:creator>
      <pubDate>Sat, 01 Jul 2023 15:00:14 +0000</pubDate>
      <link>https://dev.to/fawazkh80/overview-of-pentesting-phases-4ooi</link>
      <guid>https://dev.to/fawazkh80/overview-of-pentesting-phases-4ooi</guid>
      <description>&lt;h1&gt;
  
  
  Overview
&lt;/h1&gt;

&lt;p&gt;Penetration testing, also known as pentesting, is a process of testing computer systems, networks, or web applications to identify vulnerabilities that could be exploited by attackers. Pentesting is a critical component of an organization's security program as it helps them identify and address potential vulnerabilities in their systems or applications before they can be exploited by attackers.&lt;/p&gt;

&lt;h1&gt;
  
  
  Pentesting Processes/Phases
&lt;/h1&gt;

&lt;p&gt;The pentesting process typically involves several phases, and each phase is essential to identify and address potential security vulnerabilities. The following are the six main phases of the pentesting process:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--XvDOlQe7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5aid78m1s72yz9tqrjcz.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--XvDOlQe7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5aid78m1s72yz9tqrjcz.png" alt="Image description" width="800" height="556"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Planning and preparation&lt;/strong&gt;: In this phase, the scope of the assessment is defined, testing objectives are established, and the appropriate tools and techniques are identified. The tools used in this phase include project management tools, risk assessment tools, and communication tools.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Information gathering&lt;/strong&gt;: This phase involves gathering as much information as possible about the target system or application to identify potential vulnerabilities and reduce the risk of false positives during subsequent stages of the assessment. The information gathering phase can be divided into passive and active information gathering, and it includes tools such as Nmap and Sublist3r.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Vulnerability scanning&lt;/strong&gt;: This phase involves using various tools and techniques to identify vulnerabilities in the target system or application. This can include network and web application scanning, as well as manual testing techniques. The tools used in this phase include vulnerability scanners like Nessus.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Exploitation&lt;/strong&gt;: In this phase, the vulnerabilities identified in the previous phase are exploited to gain access to the target system or application. This can include using known exploits, developing custom exploits, or leveraging social engineering techniques. The tools used in this phase include Metasploit.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Post-exploitation&lt;/strong&gt;: This phase involves maintaining access to the target system or application and gathering additional information about the target. This can include installing backdoors or other persistence mechanisms, escalating privileges, or exfiltrating sensitive data. The tools used in this phase include PowerShell Empire, Cobalt Strike, and Mimikatz.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Reporting&lt;/strong&gt;: In this phase, the results of the assessment are documented and presented to the client. The report typically includes details about the vulnerabilities identified, their severity, and recommendations for remediation.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;h1&gt;
  
  
  In The End
&lt;/h1&gt;

&lt;p&gt;In this series, we will continue to detail each of these phases and the tools used in them. The pentesting process is designed to help organizations identify and address potential vulnerabilities in their systems or applications before they can be exploited by attackers. By following a standardized process and using appropriate tools and techniques, pentesters can help improve the security posture of their clients and reduce the risk of successful cyber attacks.&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>linux</category>
      <category>web</category>
    </item>
  </channel>
</rss>
