Merge pull request nccgroup#96 from Hacking-the-Cloud/v2_material_mkdocs

V2 material mkdocs

.github/workflows/build_v2.yml

@@ -1,18 +1,18 @@
 name: build v2
 
 on:
-  push:
-    branches: 
-      - v2_material_mkdocs
+  pull_request:
+    branches: [ main ]
 
 jobs:
-  deploy:
+  build:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-python@v2
         with:
           python-version: 3.x
       - run: pip install mkdocs-material
+      - run: pip install mkdocs-minify-plugin
       - run: pip install mkdocs-awesome-pages-plugin
       - run: mkdocs build

.github/workflows/deploy_v2.yml

@@ -2,8 +2,7 @@ name: deploy v2
 
 on:
   push:
-    branches: 
-      - v2_material_mkdocs
+    branches: [ main ]
 
 jobs:
   deploy:
@@ -13,6 +12,13 @@ jobs:
       - uses: actions/setup-python@v2
         with:
           python-version: 3.x
+      - uses: actions/cache@v2
+        with:
+          key: ${{ github.ref }}
+          path: .cache
+      - run: sudo apt-get install -y libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev
       - run: pip install mkdocs-material
+      - run: pip install mkdocs-minify-plugin
       - run: pip install mkdocs-awesome-pages-plugin
-      - run: mkdocs gh-deploy --force
+      - run: pip install git+https://${{ secrets.GH_TOKEN }}@github.com/squidfunk/mkdocs-material-insiders.git
+      - run: mkdocs gh-deploy --force --config-file mkdocs.insiders.yml

.gitignore

@@ -1,3 +1,2 @@
-resources/
-public/
-.vscode/
+site/
+.cache

Dockerfile

@@ -0,0 +1,2 @@
+FROM squidfunk/mkdocs-material
+RUN pip install mkdocs-awesome-pages-plugin

README.md

@@ -10,24 +10,20 @@ Don't worry about submitting content in the wrong format or what section it shou
 ## Contributing
 Want to contribute to hacking the Cloud? Awesome! Here are some tips to get started:
 
-### Setup Hugo
-Hacking the Cloud is built using [Hugo](https://gohugo.io/), which lets us write content in a simple Markdown editor. If you've not worked with Markdown before check out this handy [cheatsheet](https://www.markdownguide.org/cheat-sheet) or look to existing examples on Hacking the Cloud.
+### Setting up the Environment
+Hacking the Cloud uses [Material for MkDocs](https://squidfunk.github.io/mkdocs-material/) and the [Awesome Pages Plugin](https://github.com/lukasgeiter/mkdocs-awesome-pages-plugin/). To make it easy to setup, there is a Docker file in this repository you can use to get up and running. First, build the docker container.
 
-**Please Note**: You do not have to install Hugo to contribute to the site. You can also use GitHub itself to create new pages (Go to the directory you'd like to add to and click "Add File" in the mid-top right). This lets you use the Markdown editor in GitHub (which is very handy).
-
-To install Hugo, please checkout [these](https://gohugo.io/getting-started/installing/) installation instructions.
+```
+docker build -t mkdocs-material .
+```
 
-After installing Hugo, you can setup an instance of Hacking the Cloud by cloning the git repository and starting the Hugo server with the following commands.
+To run a test server for your local environment you can run the Docker container (ensuring you expose a port and provide the local directory).
 
 ```
-git clone https://github.com/Hacking-the-Cloud/hackingthe.cloud.git
-cd hackingthe.cloud
-hugo server
+docker run --rm -it -p 8000:8000 -v ${PWD}:/docs mkdocs-material
 ```
 
-In this mode, every time you modify a file Hugo will automatically update the site. This makes it easy for you to see you changes as they occur.
-
-To navigate to the local instance, go to http://localhost:1313 in your browser of choice.
+__NOTE__: You do not have to run the Docker container to contribute. You can make edits or even create new pages directly from GitHub. Go to the file you'd like to edit, or the directory you'd like to add to and click "Add File" in the mid-top right. Use the Markdown editor built into GitHub and submit your Pull Request.
 
 ### Creating a New Page
 All of the content for Hacking the Cloud is in the "content" directory. From here, you can navigate to the different sections of each cloud provider. If you aren't sure what specific section to place it in, no worries! Feel free to put it under ./content and we can find or create a home for it later.
@@ -41,14 +37,10 @@ After creating the file, please put the following at the top and fill it out.
 author: <Your Name>
 title: <Page Title>
 description: <A description of the page>
-enableEditBtn: true
-editBaseURL: https://github.com/Hacking-the-Cloud/hackingthe.cloud/blob/main/content
 ---
 ```
 
-These fields help Hugo generate the site and provide additional information for SEO. The enableEditBtn must always be set to true (in the future we may find a way to remove this attribute with the button just always enabled).
-
 From here you should be able to write your content and submit a pull request. If you have any trouble don't hesitate to reach out via our [GitHub Discussions](https://github.com/Hacking-the-Cloud/hackingthe.cloud/discussions) page.
 
 ## Roadmap
-Currently the site has some material on AWS, and very little for Azure or GCP. If you have experience in any of those areas you are welcome to submit content. Even something as small as fixing grammar mistakes or adding a screenshot is appreciated! In the future I'd like to expand the site to include labs for folks to get hands-on experience with the content.
+Currently the site has some material on AWS, and very little for Azure or GCP. If you have experience in any of those areas you are welcome to submit content. Even something as small as fixing grammar mistakes or adding a screenshot is appreciated!

content/.pages

@@ -0,0 +1,6 @@
+nav:
+    - index.md
+    - AWS: aws
+    - Azure: azure
+    - GCP: gcp
+    - Blog: blog

content/aws/.pages

@@ -0,0 +1,7 @@
+nav:
+    - General Knowledge: general-knowledge
+    - Enumeration: enumeration
+    - Exploitation: exploitation
+    - Avoid Detection: avoiding-detection
+    - Post Exploitation: post_exploitation
+    - Deprecated: deprecated

content/aws/avoiding-detection/guardduty-pentest.md

@@ -2,27 +2,31 @@
 author: Nick Frichette
 title: Bypass GuardDuty Pentest Findings
 description: Prevent Kali Linux, ParrotOS, and Pentoo Linux from throwing GuardDuty alerts by modifying the User Agent string.
-enableEditBtn: true
-editBaseURL: https://github.com/Hacking-the-Cloud/hackingthe.cloud/blob/main/content
 ---
+
 When making AWS API requests on common penetration testing OS's GuardDuty will detect this and trigger a [PenTest Finding](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-kalilinux).
 
 This is caused by the user agent name that is passed in the API request. By modifying that we can prevent GuardDuty from detecting that we are operating from a "pentest" Linux distribution.
 
-{{< notice warning "Note" >}}
-If your assessment requires you to remain undetected it's probably easier to leverage a "safe" OS like Ubuntu, Mac OS, or Windows.
-{{< /notice >}}
+!!! Warning
+    If your assessment requires you to remain undetected it's probably easier to leverage a "safe" OS like Ubuntu, Mac OS, or Windows.
 
 To do this, identify the location of your ```session.py``` in the ```botocore``` package. For example, on a default Kali Linux install it can be found at ```/usr/local/lib/python3.7/dist-packages/botocore/session.py```.
 
 On line [456](https://github.com/boto/botocore/blob/7de36c07ecec503f588ac27658b1795e83b67b75/botocore/session.py#L456) (at the time of writing), you should see the following.
 
-![lines](/images/aws/avoiding-detection/guardduty-pentest/lines.jpg)
+<figure markdown>
+  ![lines](/images/aws/avoiding-detection/guardduty-pentest/lines.jpg){ loading=lazy }
+</figure>
 
 ```platform.system()``` and ```platform.release()``` are similar to ```uname -o``` and ```uname -r```. On a stock Kali install it will generate the following values.
 
-![example](/images/aws/avoiding-detection/guardduty-pentest/example.png)
+<figure markdown>
+  ![example](/images/aws/avoiding-detection/guardduty-pentest/example.png){ loading=lazy }
+</figure>
 
 To get around this, modify the code and replace it with legitimate user agent strings like those found in [Pacu](https://github.com/RhinoSecurityLabs/pacu/blob/master/user_agents.txt). With this capability you can mask your user agent to look like anything you want. Even arbitrary values like below.
 
-![modified](/images/aws/avoiding-detection/guardduty-pentest/modified.jpg)
+<figure markdown>
+  ![modified](/images/aws/avoiding-detection/guardduty-pentest/modified.jpg){ loading=lazy }
+</figure>

content/aws/avoiding-detection/guardduty-tor-client.md

@@ -1,10 +1,9 @@
 ---
-author: "Nick Frichette"
+author: Nick Frichette
 title: "Bypass GuardDuty Tor Client Findings"
 description: "Connect to the Tor network from an EC2 instance without alerting GuardDuty."
-enableEditBtn: true
-editBaseURL: https://github.com/Hacking-the-Cloud/hackingthe.cloud/blob/main/content
 ---
+
 [UnauthorizedAccess:EC2/TorClient](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-torclient) is a high severity GuardDuty finding that fires when an EC2 instance is detected making connections to Tor [Guard](https://community.torproject.org/relay/types-of-relays/#Guard%20and%20middle%20relay) or Authority nodes. According to the documentation, "this finding may indicate unauthorized access to your AWS resources with the intent of hiding the attacker's true identity".
 
 AWS determines this by comparing connections to the [public list of Tor nodes](https://metrics.torproject.org/exonerator.html). To those familiar with the Tor project, this is a common problem. Countries, internet service providers, and other authorities may block access to the Tor network making it difficult for citizens to access the open internet.