Cloud Scout is a plugin which works on top of BloodHound, leveraging its visualization capabilities in order to visualize cross platform attack paths.
Link to our White Paper: link
At this point Cloud Scout supports two frameworks AWSPX and StormSpotter.
Cloud Scout is able to ingest output of the mentioned frameworks into one unified database and on top of that the plugin will create relation between relevant nodes based on thier attributes.
Cloud Scout is developed by @OlegLerner, @DVazgiel and @IliaRabinovich from Sygnia.
In order to install the plugin download the GitHub repository and execute the included batch installation script with a path to BloodHound.exe as a command line argument (Assuming you already have BloodHound installed).
Example:
install.bat C:\project\BloodHoundCloud Scout has a few dependencies related to the installation.
- BloodHound
- git
- python
- pipenv
In our experience for environments with about ~2 million relations and hundereds of thousands of nodes, for optimal performance it is recommended to use a machine with 16GB RAM
Full Domain compromise leveraging Azure
AWS take over leveraging Azure and AWS permissions
Network data mapping
