Skip to content

Latest commit

 

History

History
108 lines (96 loc) · 6.24 KB

attack-tree.md

File metadata and controls

108 lines (96 loc) · 6.24 KB

Attack Tree Analysis for hashicorp/vault

Objective: To gain unauthorized access to secrets stored within Vault, leading to compromise of the application or its connected systems.

Attack Tree Visualization

                                     [*** Gain Unauthorized Access to Secrets in Vault ***]
                                                    /                   \
                                                   /                     \
                      -------------------------------------------------------------------------
                      |                                                                       |
[Compromise Vault Server]                                         [Exploit Vault Misconfiguration]
      /                                                                       /               \
     /                                                                       /                 \
[OS Vuln]                                                           [Weak Auth]           [Unsealed]
---(HIGH)---                                                        ---(HIGH)---           ---(HIGH)---
      |                                                                       |                   |
      |                                                                       |                   |
[***OS***]                                                            [***Creds***]         [***Keys***]
                      -------------------------------------------------------------------------
                      |
[Abuse Legitimate Vault Access]
      /
     /
[Leaked Creds]
---(HIGH)---
      |
      |
[***Creds***]

Attack Tree Path: 1. Compromise Vault Server -> OS Vuln -> [OS]

  • Path Description: The attacker exploits a vulnerability in the operating system running the Vault server to gain full control.
  • [OS Vuln]: Operating System Vulnerabilities:
    • Description: Exploiting vulnerabilities in the underlying operating system (e.g., unpatched kernel, vulnerable SSH).
    • Likelihood: High (Common attack vector)
    • Impact: Very High (Full server compromise)
    • Effort: Low to Medium (Automated tools available)
    • Skill Level: Low to Medium (Script kiddies to experienced attackers)
    • Detection Difficulty: Medium (IDS/IPS, log analysis can detect)
    • Actionable Insights:
      • Regularly patch the OS.
      • Harden the OS (disable unnecessary services, firewall).
      • Use a minimal OS image.
      • Monitor system logs (IDS/IPS).
  • [OS] (Critical Node):
    • Description: Full control of the operating system means full control of the Vault server and all its data.
    • Impact: Very High

Attack Tree Path: 2. Exploit Vault Misconfiguration -> Weak Auth -> [Creds]

  • Path Description: The attacker leverages weak authentication mechanisms to obtain valid credentials for Vault.
  • [Weak Auth]: Weak Authentication Mechanisms:
    • Description: Using weak passwords, default credentials, or lacking MFA.
    • Likelihood: Medium (Common misconfiguration)
    • Impact: High (Unauthorized access to Vault)
    • Effort: Very Low to Low (Brute-force, password guessing)
    • Skill Level: Very Low to Low (Basic hacking techniques)
    • Detection Difficulty: Low to Medium (Failed login attempts, unusual activity)
    • Actionable Insights:
      • Enforce strong password policies.
      • Implement multi-factor authentication (MFA).
      • Use appropriate auth methods.
      • Regularly review and rotate credentials.
  • [Creds] (Critical Node):
    • Description: Valid credentials grant direct access to Vault, potentially with high privileges.
    • Impact: High

Attack Tree Path: 3. Exploit Vault Misconfiguration -> Unsealed -> [Keys]

  • Path Description: The attacker gains access to the unseal keys due to insecure storage or handling.
  • [Unsealed]: Vault Unsealed Insecurely:
    • Description: Leaving Vault unsealed insecurely (plain text keys, insecure auto-unseal).
    • Likelihood: Low (Requires significant insider access or severe misconfiguration)
    • Impact: Very High (Full access to all secrets)
    • Effort: Low (If unseal keys are readily available)
    • Skill Level: Low (If unseal keys are poorly protected)
    • Detection Difficulty: Medium to High (Requires monitoring of unseal attempts)
    • Actionable Insights:
      • Use a secure unseal mechanism (Shamir's Secret Sharing).
      • Consider auto-unseal with a trusted KMS or HSM.
      • Protect unseal keys rigorously.
      • Monitor unseal attempts.
  • [Keys] (Critical Node):
    • Description: The unseal keys are the master keys to decrypt Vault's data. Their compromise is catastrophic.
    • Impact: Very High

Attack Tree Path: 4. Abuse Legitimate Vault Access -> Leaked Creds -> [Creds]

  • Path Description: The attacker obtains valid Vault credentials that have been leaked through various means.
  • [Leaked Creds]: Leaked Credentials:
    • Description: Credentials exposed in code, data breaches, or other leaks.
    • Likelihood: Medium (Accidental exposure, data breaches)
    • Impact: High (Unauthorized access to Vault)
    • Effort: Very Low (If credentials are found)
    • Skill Level: Very Low (No specific Vault knowledge needed)
    • Detection Difficulty: Medium to High (Requires monitoring for credential leaks and unusual activity)
    • Actionable Insights:
      • Never store credentials in code.
      • Use a secrets management tool.
      • Regularly rotate credentials.
      • Monitor for credential leaks.
  • [Creds] (Critical Node):
    • Description: Valid credentials grant direct access to Vault.
    • Impact: High