Supported Platforms

Currently, The DeRF only comes with attack techniques for AWS and GCP.
See Getting Started for deployment instructions.

List of all Attack Techniques

This page contains the list of all DeRF Attack Techniques.

Name	Platform	MITRE ATT&CK Tactics
Delete CloudTrail Trail	AWS	Defense Evasion
Stop CloudTrail Logging	AWS	Defense Evasion
Disable CloudTrail Logging Through Event Selectors	AWS	Defense Evasion
CloudTrail Logs Impairment Through S3 Lifecycle Rule	AWS	Defense Evasion
Attempt to Leave the aws Organization	AWS	Defense Evasion
Remove VPC Flow Logs	AWS	Defense Evasion
Exfiltrate EBS Snapshot by Sharing It	AWS	Exfiltration
Exfiltrate an AMI by Sharing It	AWS	Exfiltration
Exfiltrate RDS Snapshot by Sharing It	AWS	Exfiltration
Open Ingress Port 22 on a Security Group	AWS	Exfiltration
Download EC2 Instance User Data	AWS	Discovery
Execute Discovery Commands on an EC2 Instance	AWS	Discovery
Retrieve EC2 Password Data	AWS	Credential Access
Steal EC2 Instance Credentials	AWS	Credential Access
Retrieve and Decrypt SSM Parameters	AWS	Credential Access
Retrieve a High Number of Secrets Manager secrets	AWS	Credential Access
Execute Commands on EC2 Instance via User Data	AWS	Execution
Launch Unusual EC2 Instances	AWS	Execution
Console Login without MFA	AWS	Initial Access
Impersonate GCP Service Accounts	GCP	Privilege Escalation
Exfiltrate Compute Disk by sharing it	GCP	Exfiltration
Backdoor a GCP Service Account through its IAM Policy	GCP	Persistence
Exfiltrate Data from BigQuery Table via Unauthorized Query	GCP	Persistence