label="Search API Caches", chain="recon", cost=0, time=3, objective="Discover bucket paths", pSuccess=1.0, ) graph.root.add(apiCache, edge_label="#Yolosec") s3urls = Discovery( label="S3 Urls", description="The URL paths to various S3 buckets", sensitivity=3, value=0, ) apiCache.add(s3urls, edge_label="#Yolosec") downloadFiles = Action( chain="exfiltration", label="Download files from all buckets", cost=0, time=1, objective="Access confidential information stored in S3", pSuccess=1.0, detections=["CloudWatch", "DLP"], ) s3urls.add(downloadFiles, edge_label="#Yolosec") downloadFiles.add(graph.goal, edge_label="#Yolosec") graph.render(renderUnimplemented=True, fname="example_S3Simple",
# Attack tree for a container-escape scenario: an attacker on the Internet
# gets code execution in an application, runs Siloscape, and ends up able to
# launch containers of their own. Each Action is an attacker step, each
# Discovery is something the attacker learns or gains, and each Block is a
# defensive control attached to the step it is meant to stop.
from attacktree.models import Action, Block, Detect, Discovery, Edge
from attacktree.renderer import Renderer

# NOTE(review): Detect and Edge are imported but not used below, so this tree
# models no detection coverage at all. Worth adding before relying on it for
# monitoring decisions.
# The context manager presumably renders the graph on exit; confirm in
# attacktree.renderer.
with Renderer(root="Internet", goal="Launch Containers") as graph:
    # Entry point: remote code execution inside the containerised application.
    app_rce = Action(label="RCE in application")
    graph.root.add(app_rce)

    # Control that is already in place (implemented=True): patching reduces
    # the chance of the initial RCE.
    patching = Block(label="Keep containers up to date", implemented=True)
    app_rce.add(patching)

    # Escalation path followed when the RCE is not prevented.
    run_siloscape = Action(label="Execute Siloscape")
    app_rce.add(run_siloscape)

    privileged_access = Discovery(label="Privileged Access")
    run_siloscape.add(privileged_access)

    symlink_root = Action(label="SymLink root volume")
    privileged_access.add(symlink_root)

    find_kube_creds = Action(label="Find Kubernetes creds on disk")
    symlink_root.add(find_kube_creds)

    deploy_containers = Action(label="Deploy malicious containers")
    find_kube_creds.add(deploy_containers)

    # Control that is NOT in place yet (implemented=False), so the path to the
    # goal is modelled as open.
    # NOTE(review): this Block hangs off the final deploy step, but the
    # privilege it restricts is gained at "Execute Siloscape". Confirm that
    # this placement matches how the model is meant to be read.
    low_privilege_containers = Block(
        label="Windows containers have low privilege",
        implemented=False,
    )
    deploy_containers.add(low_privilege_containers)

    # Attacker objective reached.
    deploy_containers.add(graph.goal)