caponeme

caponeme is a vulnerable cloud environment that is meant to mock the Capital One breach for educational purposes.

Disclaimer

This CloudFormation template is NOT intended for deployment in a production account or environment. It is an example of a vulnerable web application that allows AWS credentials to be compromised. Please use it with CAUTION and consider using a new AWS account for this kind of experiment.

What is the Capital One Breach?

Click here to find out

Getting Started

Deployment

This is the page you should expect to see: image

Discovering the contents of the S3 Bucket

Mitigation

Mitigation #1 - Enable Security Token on Metadata Service

Mitigation #2 - Limit Role Access Credentials to Instance Metadata Service V2

Cleanup

Todo

Credits

License

MIT