Internal testing, product demonstrations, and security training are critical practices in cybersecurity, giving defenders and everyday users the tools and wherewithal to prevent and respond to enterprise threats.
However, according to new research from Pentera Labs, when left in default or misconfigured states, these “test” and “demo” environments are yet another entry point for attackers — and the issue even affects leading security companies and Fortune 500 companies that should know better.
Researchers discovered that popular public training apps like Hackazon, Damn Vulnerable Web Application (DVWA), and OWASP Juice Shop have been frequently left accessible to the public internet, inadvertently exposing top vendors including Palo Alto Networks, Cloudflare, and F5.
“This is not t…
Internal testing, product demonstrations, and security training are critical practices in cybersecurity, giving defenders and everyday users the tools and wherewithal to prevent and respond to enterprise threats.
However, according to new research from Pentera Labs, when left in default or misconfigured states, these “test” and “demo” environments are yet another entry point for attackers — and the issue even affects leading security companies and Fortune 500 companies that should know better.
Researchers discovered that popular public training apps like Hackazon, Damn Vulnerable Web Application (DVWA), and OWASP Juice Shop have been frequently left accessible to the public internet, inadvertently exposing top vendors including Palo Alto Networks, Cloudflare, and F5.
“This is not theoretical research,” Noam Yaffe, Pentera’s senior researcher and offensive security team lead, wrote in a technical blog post. His team discovered “clear evidence” that these attack vectors are being exploited in the wild to enable crypto miners, webshells, and persistence mechanisms. The attackers are believed to be of Eastern European origin.
“This research proves that labeling something as ‘training’ or ‘dev’ doesn’t make it invisible to attackers,” Yaffe noted. “If it’s on the internet and it has cloud credentials, it’s a target.”
Exposing crown jewels through seemingly harmless labs
After identifying an exposed instance of Hackazon, a free, intentionally vulnerable test site developed by Deloitte, during a routine cloud security assessment for a client, Yaffe performed a five-step hunt for exposed apps. His team uncovered 1,926 “verified, live, and vulnerable applications,” more than half of which were running on enterprise-owned infrastructure on AWS, Azure, and Google Cloud platforms.
They then discovered 109 exposed credential sets, many accessible via a low-priority lab environment, tied to overly-privileged identity access management (IAM) roles. These often granted “far more access” than a ‘training’ app should, Yaffe explained, and provided attackers:
- Administrator-level access to cloud accounts, as well as full access to S3 buckets, GCS, and Azure Blob Storage;
- The ability to launch and destruct compute resources and read and write to secrets managers;
- Permissions to interact with container registries where images are stored, shared, and deployed.
Attackers maintained persistent access, moved laterally across networks, exploited cloud credentials and other sensitive information, and crypto-mined victim infrastructure. Further, Pentera’s researchers easily discovered active secrets such as Slack keys, GitHub tokens, and Docker Hub credentials, as well as real user data and proprietary source code.
Alarmingly, in DVWA, 54% of instances discovered still used the default credentials ‘admin:password,’ and attackers could downgrade security settings in a single click (from “impossible” to “low”), making every built-in vulnerability “trivially exploitable,” Yaffe noted.
“What began as a harmless lab could lead directly to an organization’s crown jewels,” he said.
Real-world exploitations
In one real-world instance, Pentera’s team discovered a misconfigured buggy web application (bWAPP) linked to Cloudflare cloud accounts running on Google Cloud Platform (GCP). bWAPP is a free, open source, deliberately insecure web app used for training purposes. Querying GCP’s metadata services, the researchers were able to impersonate default service accounts and gain read access to “hundreds” of storage buckets.
Similarly, a DVWA linked to F5’s cloud accounts was found running on a GCP instance, again allowing the researchers to access numerous storage buckets containing logs and metric data. In addition, a misconfigured Palo Alto-linked DVWA app was identified running on AWS; Yaffe and his team used the attached IAM role and temporary credentials to gain full administrative access to the AWS account.
Researchers also exfiltrated OAuth tokens for a GCP service account to assume its identity, and list and access specific bucket content. For instance, one “cloud_build” bucket stored .tgz files that attackers could easily download. The account was managed by an admin email and violated least privilege because it contained policy permission, Yaffe explained.
“Even though this was a ‘dev’/ ‘training’ account, it contained highly sensitive secrets, credentials, and API tokens,” he said.
In assessing these misconfigured, vulnerable applications, his team found “clear evidence” that they were already being fully exploited in the wild. Roughly 20% of the DVWA instances they discovered contained artifacts deployed by malicious actors, including:
- XMRig Crypto Miner actively running, sending proceeds to attacker-controlled wallets, and configured to run silently without user knowledge;
- A “sophisticated” watchdog script that maintained persistence even after a compromise had been discovered. This featured self-recovery, automated downloads, encrypted payload delivery, evidence deletion, and kill switches that threat actors could use to easily shut down operations;
- A PHP webshell that granted attackers the ability to read, write, delete, upload and download files; run operating system (OS) commands and scripts on remote machines; and access credentials, API keys, and other secrets embedded in source code.
All discoveries were responsibly disclosed to the impacted organizations and were subsequently mitigated prior to publication, Yaffe emphasized.
“These weren’t isolated incidents; they represented an organized, ongoing exploitation campaign,” he warned.
What enterprises can do now
To defend against this widespread threat, Yaffe and his team developed SigInt, a Python-based, large language model (LLM)-powered autonomous reconnaissance framework. The tool, which is available on GitHub, generates fingerprint signatures directly from a live target or GitHub repository, searches for matches, and applies confidence scoring. It also incorporates IP intelligence, cloud provider detection, attribution data, and provides analysis to support further investigation.
Beyond this, Yaffe advised enterprises to “inventory everything” to establish a complete, up-to-date picture of all cloud resources, including ‘temporary’ and ‘test deployments,’ perform regular audits to scan for exposed services, and apply least privilege.
“Never attach broad IAM roles to training or demo environments,” he said.
Further, defenders should isolate training environments from production networks and apply the same monitoring and alerting to them as production environments, restrict their outbound internet access, document and enforce changes to default credentials pre-deployment, and set controls that expire temporary testing environments after a specified timeframe. “If it doesn’t have an end date, it will run forever,” Yaffe noted.
Ultimately, he emphasized: “These are fixable problems. Basic hygiene … would have prevented every case we found.”
SUBSCRIBE TO OUR NEWSLETTER
From our editors straight to your inbox
Get started by entering your email address below.