Type
Configuration Scanning
D3FEND Tactic
Application Hardening (D3-AH)
TL;DR
Inspects host and app settings to detect misconfigurations.
Description
The process of inspecting and verifying the configuration settings of hosts (servers or workstations) to ensure they comply with security policies and best practices.
Techniques
Abusing exposed Docker socket
Misconfigured Wordpress abuse
Misconfigured Redis abuse
Misconfigured Docker abuse
Misconfigured DB abuse
Misconfigured Consul abuse
Misconfigured Argo abuse
Misconfigured Apache Hadoop abuse
Jupyter Notebook misconfig abuse
Jupyter Notebook ransomware
cAdvisor abuse
K8s anonymous auth abuse