Supported Platforms

Currently, the DeRF only comes with attack techniques for AWS and GCP.
See Getting Started for deployment instructions.

List of all Attack Techniques

This page contains the list of all DeRF Attack Techniques.

| Name | Platform | MITRE ATT&CK Tactics |
|------|----------|----------------------|
| Delete CloudTrail Trail | AWS | Defense Evasion |
| Stop CloudTrail Logging | AWS | Defense Evasion |
| Disable CloudTrail Logging Through Event Selectors | AWS | Defense Evasion |
| CloudTrail Logs Impairment Through S3 Lifecycle Rule | AWS | Defense Evasion |
| Attempt to Leave the AWS Organization | AWS | Defense Evasion |
| Remove VPC Flow Logs | AWS | Defense Evasion |
| Exfiltrate EBS Snapshot by Sharing It | AWS | Exfiltration |
| Exfiltrate an AMI by Sharing It | AWS | Exfiltration |
| Exfiltrate RDS Snapshot by Sharing It | AWS | Exfiltration |
| Open Ingress Port 22 on a Security Group | AWS | Exfiltration |
| Download EC2 Instance User Data | AWS | Discovery |
| Execute Discovery Commands on an EC2 Instance | AWS | Discovery |
| Retrieve EC2 Password Data | AWS | Credential Access |
| Steal EC2 Instance Credentials | AWS | Credential Access |
| Retrieve and Decrypt SSM Parameters | AWS | Credential Access |
| Retrieve a High Number of Secrets Manager secrets | AWS | Credential Access |
| Execute Commands on EC2 Instance via User Data | AWS | Execution |
| Launch Unusual EC2 Instances | AWS | Execution |
| Console Login without MFA | AWS | Initial Access |
| Impersonate GCP Service Accounts | GCP | Privilege Escalation |
| Exfiltrate Compute Disk by sharing it | GCP | Exfiltration |
| Backdoor a GCP Service Account through its IAM Policy | GCP | Persistence |
| Exfiltrate Data from BigQuery Table via Unauthorized Query | GCP | Persistence |