What is CornerShot
In warfare, CornerShot is a weapon that allows a soldier to look past a corner (and possibly take a shot), without risking exposure. Similarly, the CornerShot package allows one to look at a remote host’s network access without the need to have any special privileges on that host.
Using CornerShot, a source host with network access to a carrier host can determine whether the carrier has network access to a target host on a specific port p.
For example, let's assume a red team is trying to propagate from a "compromised" source host A to a target host X, to which host A has no access. If they propagate through host B, only then will they discover that there is no network access between host B and X.
By using CornerShot, the team can discover that host C actually has access to target X, so propagation towards target X should go through host C first.
Similar to nmap, it differentiates between the following port states: open, closed, filtered, and unknown (if the state can't be determined).
The following demo shows running CornerShot against two carrier hosts, 172.0.1.12 and 172.0.1.13, in order to determine whether they have network access to 192.168.200.1:
Use Cases
Single Deployment for Complete Network Visibility
The seemingly simple task of identifying if some host B in the network has access to host C may require a large deployment of network sensors, device agents, or collection of a multitude of firewall rules, router configurations, and host policies.
CornerShot can simplify this process by using one (or very few) agents that can query other hosts in the network, to determine their access to remote hosts.
Validate BloodHound Paths
Security teams that use BloodHound to find and mitigate privilege escalation paths inside their network often struggle with the millions of logical paths that BloodHound discovers.
ShotHound is a tool that integrates CornerShot with BloodHound in order to discover practical paths, i.e. logical paths that are also supported by network access.
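The path-validation idea above, as an added example that is not part of CornerShot or ShotHound: given per-hop (carrier, target, port) states in the four categories the page lists, a logical path is only practical when every hop is open. The hostnames A, B, C, D, X, port 445 and the result table are constructed sample values.

```python
from enum import Enum
from typing import Dict, List, Tuple

class PortState(Enum):
    OPEN = "open"
    CLOSED = "closed"
    FILTERED = "filtered"
    UNKNOWN = "unknown"

# Constructed sample results in CornerShot's terms: (carrier, target, port) -> state.
# Host names and the port are assumptions for this example, not taken from the page.
ACCESS: Dict[Tuple[str, str, int], PortState] = {
    ("A", "B", 445): PortState.OPEN,
    ("B", "X", 445): PortState.FILTERED,   # B cannot reach X: path via B is blocked
    ("A", "C", 445): PortState.OPEN,
    ("C", "X", 445): PortState.OPEN,       # C can reach X: path via C is practical
    ("A", "D", 445): PortState.OPEN,
    ("D", "X", 445): PortState.UNKNOWN,    # could not be determined
}

def hop_state(access: Dict[Tuple[str, str, int], PortState],
              carrier: str, target: str, port: int) -> PortState:
    """A hop that was never measured is treated as unknown, never as open."""
    return access.get((carrier, target, port), PortState.UNKNOWN)

def classify_path(access, path: List[str], port: int) -> str:
    """Return 'practical', 'blocked' or 'undetermined' for a logical path.

    Any closed or filtered hop blocks the whole path, regardless of other hops.
    Otherwise any unknown hop leaves the verdict undetermined.
    """
    states = [hop_state(access, a, b, port) for a, b in zip(path, path[1:])]
    if any(s in (PortState.CLOSED, PortState.FILTERED) for s in states):
        return "blocked"
    if any(s is PortState.UNKNOWN for s in states):
        return "undetermined"
    return "practical"

def practical_paths(access, paths: List[List[str]], port: int) -> List[List[str]]:
    """Keep only the logical paths that network access actually supports."""
    return [p for p in paths if classify_path(access, p, port) == "practical"]

if __name__ == "__main__":
    candidates = [["A", "B", "X"], ["A", "C", "X"], ["A", "D", "X"]]
    for p in candidates:
        print(" -> ".join(p), classify_path(ACCESS, p, 445))
    print("practical:", practical_paths(ACCESS, candidates, 445))
```

A defender would mitigate the practical paths first and queue the undetermined ones for re-measurement rather than assuming they are safe.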
Changelog v0.2.17
- Update setup.py (#12)