The video above demonstrates an automated penetration test in a simple container escape scenario. In this video, in addition to using NSFOCUS’s open-source cloud-native cyber range software Metarget (for quickly and automatically building vulnerable cloud-native target machine environments), NSFOCUS’s own developed cloud-native attack suite Coogo is also utilized. Today, we will provide a brief introduction to this tool.
What are the roles of Coogo in cloud-native offense and defense?
Coogo (Cloud Offensive Operator go) is an automated penetration testing tool targeting containers and cloud-native environments.
With the rapid development and quick adoption of cloud-native technologies, enterprises are beginning to cloud-native their traditional businesses, and the security issues of cloud-native environments cannot be ignored.
In 2023, the Cloud Native Industry Alliance released the China Cloud Native Security User Survey Report, showing that about 95% of cloud-native users experienced security incidents of varying degrees in the past year, with attacks involving containers and clusters accounting for as high as 82.8%.
It is against this backdrop that NSFOCUS Security Labs has solidified the offensive and defensive research findings in the field of cloud-native security over the past few years into Coogo, the penetration testing tool for cloud-native environments. Its core capabilities are divided into information gathering, container escape, privilege escalation, defense bypassing, persistent control, and trace cleaning, based on the post-exploitation attack stages.
What are the advantages of Coogo compared to other penetration testing tools?
- Comprehensive Coverage: Coogo’s coverage in cloud-native scenarios, or even cloud environment scenarios, is very comprehensive: the coverage of the ATT&CK matrix is close to 100%. Based on the accumulation of NSFOCUS Security Labs in cloud environment offense and defense, Coogo has nearly 200 sub-capabilities/sub-weapons built-in, covering cloud environment offense and defense scenarios comprehensively. Moreover, it integrates real cases from NSFOCUS’s team in actual combat into Coogo, turning it into a sharp blade in real combat.
- Automated attack path generation and Recommendation: Coogo supports the automated generation of attack paths and intelligently recommends the optimal attack paths: target environment assessment -> intelligently recommending various attack capabilities -> capability combination -> automatically generating the optimal attack path -> automatically executing penetration testing.
- Diverse Penetration Testing: Coogo meets various input sources and supports diverse penetration testing needs. Compared to other tools that only support a single stage of the penetration testing process, Coogo supports different attack needs and chained targets (such as the control cluster of ultimate targets, intermediate targets, obtaining secrets, etc.). After automatically generating the attack path according to the user’s penetration goals and needs, Coogo provides efficient and flexible execution methods such as manual, semi-automated, and automated to complete the remaining penetration testing tasks.
Moving forward, NSFOCUS will continue to update and iterate Metarget (open-source software) and Coogo to integrate more capabilities. At the same time, by combining NSFOCUS’s cloud-native and cloud environment defense products, it will improve the triangular closed-loop operation of the cyber range, offensive and defensive suites, and defense. Additionally, it will leverage the intelligent scheduling capabilities of large language models to enhance the intelligence and automation levels of Coogo. By collaborating with the community and the industry, it aims to build a comprehensive cloud-native security ecosystem and promote the continuous advancement of offensive and defensive technologies.