Article Excerpt
Run powerpwn --help to get all available commands.
| property | value |
| --- | --- |
| tags | azure-cloud,github-repo,offensive-tradecraft,tactic-persistence,tradecraft-tool |
| url | |
| original_word_count | 22 |
Long Summary
This article provides an overview of the threat posed by low code abuse and how to protect against it. Low code abuse is a type of attack that uses low code platforms to automate data exfiltration to a third-party cloud storage solution. This type of attack was first presented at a DEFCON30 talk titled Low Code High Risk - Enterprise Domination via Low Code Abuse. The attack was inspired by a 2020 APT-related incident reported by Microsoft DART.
To protect against low code abuse, the article recommends installing an automation factory that creates, executes and deletes arbitrary commands. This factory can be installed by running the command “powerpwn backdoor -e {environment-id} install-factory -c {flow management connector connection id} -t {tenant}”. To create a flow, the command “powerpwn backdoor -e {environment-id} create-flow -webhook-url {url to installed factory} -i {full path to input}” should be used. To delete a flow, the command “powerpwn -e {environment-id} backdoor delete-flow -webhook-url {url to installed factory} -f {flow-id}” should be used. To get all connections, the command “powerpwn backdoor -e {environment-id} get-connections -webhook-url {url to installed factory} -o {output file}” should be used.
The article also provides an example of how to use the BackdoorFlow class from the powerpwn library to create and delete a flow. The example code includes the import statement "from powerpwn.powerdoor.backdoor_flow import BackdoorFlow" to load the BackdoorFlow class, and the call "factory.create_flow(environment_id=SAMPLE_FLOW["environment"], flow_display_name=SAMPLE_FLOW["flowDisplayName"], flow_definition=SAMPLE_FLOW["flowDefinition"], flow_state=SAMPLE_FLOW["flowState"], connection_references=EXAMPLE["connectionReferences"])" to create a flow. The call "factory.delete_flow(environment_id=SAMPLE_FLOW["environment"], flow_id=flow["name"])" is used to delete the flow.
In conclusion, this article provides an overview of the threat posed by low code abuse and offers recommendations for protection.
Short Summary
📓 Modules: Install a backdoor
👉🏽 Run powerpwn --help to get all available commands.
Main purposes of the text include:
👉🏽 Explain the concept of low code abuse and its potential dangers.
👉🏽 Highlight the use of low code platforms for automated data exfiltration.
👉🏽 Reference the DEFCON30 talk that introduced the concept of low code abuse.
👉🏽 Mention the Microsoft DART incident that inspired this type of attack.
👉🏽 Suggest the installation of an automation factory to counter low code abuse.
👉🏽 Provide command instructions for installing, creating, and deleting flows in the factory.
👉🏽 Introduce the BackdoorFlow class from the powerpwn library for flow manipulation.
👉🏽 Include example code for creating and deleting a flow using the BackdoorFlow class.
👉🏽 Emphasize the importance of protecting against low code abuse.
👉🏽 Offer an overall understanding of the threat and methods for defense.
🔗 summarized content: https://hut.threathunterz.com/battlefield-intel/tradecraft-tools/modules-install-a-backdoor
#LowCodeAbuse #DataExfiltration #AutomationFactory #BackdoorFlow #ProtectAgainstThreat