Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/byt3n33dl3/corporalkraken
Docker Payload ( Bypass anti virus ). Payload data at the endpoint when running NestJS application inside a Docker container.
backdoor command docker payload shellscript
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/byt3n33dl3/corporalkraken
- Owner: byt3n33dl3
- License: mit
- Created: 2024-06-25T03:35:17.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2024-06-25T03:47:39.000Z (5 months ago)
- Last Synced: 2024-09-18T06:33:23.092Z (about 2 months ago)
- Topics: backdoor, command, docker, payload, shellscript
- Language: Dockerfile
- Homepage:
- Size: 149 KB
- Stars: 15
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
## Malicious Docker Payload
This Docker image is intended to emulate malicious behavior to test [EDR/Anti Virus](https://www.wicar.org/test-malware.html) solutions on Docker/Kubernetes [Hosts/Clusters](https://www.wicar.org/test-malware.html).
## How To Run
```
git clone https://github.com/pxcs/Payload_Docker && cd Payload_Docker
# Docker image names must be lowercase, so the tag is written in lowercase
docker build -t payload_docker:latest .
docker run payload_docker:latest
```
## What Tests are Running?
### Anti Virus
[EICAR Malware Sample](https://www.wicar.org/test-malware.html)
### Network Endpoint Protection
[Flightsim Malicious Network Sample](https://github.com/alphasoc/flightsim)
- Defensive explanation
## How Malware Scanner Service works
This repository contains the code to build a pipeline that scans objects
uploaded to GCS for malware, moving the documents to a clean or quarantined
bucket depending on the malware scan status.

It illustrates how to use Cloud Run and Eventarc to build such a pipeline.
![Architecture diagram](architecture.svg)
## Example
Use the
[tutorial](https://cloud.google.com/solutions/automating-malware-scanning-for-documents-uploaded-to-cloud-storage)
to understand how to configure your Google Cloud Platform project to use Cloud
Run and Eventarc.
## Using Environment variables in the configuration
The tutorial above uses a configuration file `config.json` built into the Docker
container for the configuration of the unscanned, clean, quarantined and CVD
updater cloud storage buckets.

Environment variables can be used to vary the deployment in 2 ways:
### Expansion of environment variables
Any environment variables specified using shell-format within the `config.json`
file will be expanded using
[`envsubst`](https://manpages.debian.org/bookworm/gettext-base/envsubst.1.en.html).
### Passing entire configuration as environment variable
An alternative to building the configuration file into the container is to use
environment variables to contain the configuration of the service, so that
multiple deployments can use the same container, and configuration updates do
not need a container rebuild.

This can be done by setting the environment variable `CONFIG_JSON` containing
the JSON configuration, which will override any config in the `config.json`
file.

If using the `gcloud run deploy` command line, this environment variable must be
set using the
[`--env-vars-file`](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--env-vars-file)
argument, specifying a YAML file containing the environment variable definitions
(this is because the commas in JSON would break the parsing of `--set-env-vars`).

Take care when embedding JSON in YAML: it is recommended to use the
[Literal Block Scalar style](https://yaml-multiline.info/) using `|`, as this
preserves newlines and quotes.
#### Big Thanks to googlecloud for explanation