Harisuthan

RedCloud OS : An Open source Cloud Adversary Simulation Operating System



RedCloud OS is a recently launched open source Cloud Adversary Simulation Operating System. The entire operating system is designed for offensive penetration testing, specifically for cloud-based red-team assessments.


RedCloud OS is based on the Debian branch. It was officially developed by the team CWL Labs.


Requirements:

  1. Platform --> VMware Workstation

  2. RAM --> 8GB+ recommended; 4GB Minimum

  3. No. of cores --> 4+ Cores recommended; 2 Minimum

  4. Minimum of 20GB hard disk space

Features:

  1. RedCloud OS includes the offensive testing tools needed to assess the leading Cloud Service Providers [AWS, Azure and GCP]

  2. 30+ built-in tools for cloud red team assessments

  3. Tools are organized into multiple categories such as Enumeration, Exploitation, and Post Exploitation, for multitasking and ease of use

  4. Easy deployment, installation and configuration

Downloads:




Installation and deployment


Step: 01

Download and install Parrot OS Architect Edition 5.3 and proceed with installation in VMware/VirtualBox.


Step: 02

Once the Parrot OS installation is finished, launch VM and clone this repo using



Step: 03

Change to the build-scripts folder and make the scripts executable.


Step: 04

First execute uninstall.sh, then execute hold.sh, and finally execute install.sh.


Login Page:


The default credentials for RedCloud OS are:

Username --> cwl

Password --> redcloud


Desktop:


List of AWS offensive tools:

  1. AWSCLI

  2. AWS Consoler

  3. AWS Escalate

  4. CloudCopy

  5. CloudJack

  6. CloudMapper

  7. CredKing

  8. Endgame

  9. Pacu

  10. Redboto

  11. weirdAAL

List of Azure offensive tools:

  1. AADCookieSpoof

  2. AADInternals

  3. AZ CLI

  4. AzureAD

  5. AzureHound

  6. BloodHound

  7. DCToolbox

  8. MFASweep

  9. MicroBurst

  10. Microsoft365 devicePhish

  11. MS Graph

  12. PowerUpSQL

  13. ROADtools

  14. TeamFiltration

  15. TokenTactics

List of GCP Offensive Tools:

  1. Gcloud CLI

  2. GCPBucketBrute

  3. GCP Delegation

  4. GCP Enum

  5. GCP Firewall Enum

  6. GCP IAM Collector

  7. GCP IAM Privilege Escalation

  8. GCPTokenReuse

  9. GoogleWorkspaceDirectoryDump

  10. Hayat


Thank you for taking the time to read this blog post, and we hope that it has been helpful to you. I'd love to hear your thoughts, so please comment below and let me know your thoughts!


