Fixed some issues on guides to standardize with the rest of the project

scenarios/codebuild_secrets/README.md

@@ -8,19 +8,19 @@
 
 ## Scenario Resources
 
-1 CodeBuild Project
+- 1 CodeBuild Project
 
-1 Lambda function
+- 1 Lambda function
 
-1 VPC with:
-  * RDS x 1
-  * EC2 x 1
+- 1 VPC with:
+   * RDS x 1
+   * EC2 x 1
 
-2 IAM Users
+- 2 IAM Users
 
 ## Scenario Start(s)
 
-IAM User "Solo"
+IAM User "Solo".
 
 ## Scenario Goal(s)
 
@@ -71,4 +71,4 @@ A cheat sheet for this route is available [here](./cheat_sheet_calrissian.md).
 2. Using the RDS credentials and address recovered from the EC2 metadata service, the attacker is able to directly log in to the RDS database.
 3. With full access to the RDS database, the attacker is able to recover the scenario's goal: A pair of secret strings!
 
-A cheat sheet for this route is available [here](./cheat_sheet_solo.md).
+A cheat sheet for this route is available [here](./cheat_sheet_solo.md).

scenarios/detection_evasion/README.md

@@ -8,67 +8,51 @@
 
 ## Scenario Resources (High Level)
 
-4 IAM Users
-
-2 EC2 instances
-
-2 SecretsManager secrets
-
-A suite of detection mechanisms
+- 4 IAM Users
+- 2 EC2 instances
+- 2 SecretsManager secrets
+- A suite of detection mechanisms
 
 ## Scenario Start(s)
 
 4 pairs of IAM Credentials.
 
 ## Scenario Goal(s)
 
-The goal of this scenario is to read out the values for both secrets without being detected. The secrets are both stored
-in Secrets Manager, and their values have the following format (cg-secret-XXXXXX-XXXXXX).
+The goal of this scenario is to read out the values for both secrets without being detected. The secrets are both stored in Secrets Manager, and their values have the following format (cg-secret-XXXXXX-XXXXXX).
 
 ## Summary (TLDR setup below)
 
 This scenario is significantly different from the CloudGoat scenarios that have come before in how it plays.
-In detection_evasion, your goals will be outlined for you more clearly, and the challenge is to complete them without
-triggering alarms. There is more setup involved in this scenario, and it will take longer to play (you might want/need
-to play it multiple times).
+In detection_evasion, your goals will be outlined for you more clearly, and the challenge is to complete them without triggering alarms. There is more setup involved in this scenario, and it will take longer to play (you might want/need to play it multiple times).
 
-For starters, you will need to provide an email address to which cloudgoat can send email alerts. When/If you are
-detected by the automated mechanisms, an alert will be sent to this email address. If you don't want to use your
-standard email address, you can consider a service such as https://temp-mail.org/ or https://www.fakemail.net/.
+For starters, you will need to provide an email address to which cloudgoat can send email alerts. When/If you are detected by the automated mechanisms, an alert will be sent to this email address. If you don't want to use your standard email address, you can consider a service such as https://temp-mail.org/ or https://www.fakemail.net/.
 
-After deployment is complete, you will need to wait about an hour before playing the scenario. This is, unfortunately,
-necessary for the cloudwatch alerts to fully integrate with cloudtrails logs. It should also be kept in mind that there
-can be a significant delay in alerts for actions that you take (10-15 minutes is not uncommon). So check your email
+After deployment is complete, you will need to wait about an hour before playing the scenario. This is, unfortunately, necessary for the cloudwatch alerts to fully integrate with cloudtrails logs. It should also be kept in mind that there can be a significant delay in alerts for actions that you take (10-15 minutes is not uncommon). So check your email
 periodically to see if you have triggered an alert.
 
 ## TLDR Setup
 
 1. Set up a temporary email address if desired.
-2. Deploy the cloudgoat scenario. You will need to enter your email when prompted, and it will subsequently be stored
-   in the 'config.yml' file at the top level of the repo.
-3. Check your email address for SNS confirmation emails; there should be two. Confirm that you want to subscribe to the
-   topics.
-4. Wait 30-60 minutes before working on the scenario. This is necessary because there is some lag between the time that
-   terraform finishes deploying all resources, and the time that your CLI actions will actually trigger the alerts that
-   result in email notifications.
-5. Read the 'start.txt' file that is generated after deployment for some guidance. There will not be major spoilers in
-   this file (as there are in [cheat_sheet.md](cheat_sheet.md))
+2. Deploy the cloudgoat scenario. You will need to enter your email when prompted, and it will subsequently be stored in the 'config.yml' file at the top level of the repo.
+3. Check your email address for SNS confirmation emails; there should be two. Confirm that you want to subscribe to the topics.
+4. Wait 30-60 minutes before working on the scenario. This is necessary because there is some lag between the time that terraform finishes deploying all resources, and the time that your CLI actions will actually trigger the alerts that result in email notifications.
+5. Read the 'start.txt' file that is generated after deployment for some guidance. There will not be major spoilers in this file (as there are in [cheat_sheet.md](cheat_sheet.md))
 
 # **SPOILER ALERT:** There are spoilers for the scenario below this point.
 
-## Exploitation Route
+## Exploitation Route(s)
 
 ![Scenario Route(s)](./detection_evasion_exploitation_route.png)
 
 ## Walkthrough Overview - Easy Path
 
-1. discover that some of the credentials initially given to you are honeytokens, without triggering alerts.
-2. install the aws cli on the instance
-3. read the secret value of the corresponding secret from the ec2 instance to avoid detection.
+1. Discover that some of the credentials initially given to you are honeytokens, without triggering alerts.
+2. Install the aws cli on the instance.
+3. Read the secret value of the corresponding secret from the ec2 instance to avoid detection.
 
 ## Walkthrough Overview - Hard Path
 
-1. discover that some of the credentials initially given to you are honeytokens, without triggering alerts.
-2. move onto the ec2 instance, and grab the credentials from IMDS
-3. spoof the IP of the instance from which you grabbed the credentials, and read the secret value of the corresponding
-4. secret.
+1. Discover that some of the credentials initially given to you are honeytokens, without triggering alerts.
+2. Move onto the ec2 instance, and grab the credentials from IMDS
+3. Spoof the IP of the instance from which you grabbed the credentials, and read the secret value of the corresponding secret.

scenarios/lambda_privesc/README.md

@@ -1,26 +1,28 @@
 
 # Scenario: lambda_privesc
 
-**Size:** Small  
+**Size:** Small
+
 **Difficulty:** Easy
 
 **Command:** `$ ./cloudgoat.py create lambda_privesc`
 
 ## Scenario Resources
 
-1 IAM User  
-2 IAM Roles  
+- 1 IAM User  
+- 2 IAM Roles  
 
 ## Scenario Start(s)
 
-1. IAM User Chris  
+1. IAM User Chris
 
 ## Scenario Goal(s)
 
 Acquire full admin privileges.
+
 ## Summary
 
-Starting as the IAM user Chris, the attacker discovers that they can assume a role that has full Lambda access and pass role permissions. The attacker can then perform privilege escalation to obtain full admin access.  
+Starting as the IAM user Chris, the attacker discovers that they can assume a role that has full Lambda access and pass role permissions. The attacker can then perform privilege escalation to obtain full admin access.
 
 Note: This scenario may require you to create some AWS resources, and because CloudGoat can only manage resources it creates, you should remove them manually before running `./cloudgoat destroy`.
 

scenarios/vulnerable_cognito/README.md

@@ -2,34 +2,35 @@
 # Scenario: vulnerable_cognito
 
 **Size:** Small
+
 **Difficulty:** Moderate
 
 **Command:** `$ ./cloudgoat.py create vulnerable_cognito`
 
 ## Scenario Resources
 
-1 S3 bucket
-1 Cognito Userpool
-1 Cognito IdentityPool
-1 API Gateway REST API
-1 Lambda
-1 IAM role
+- 1 S3 bucket
+- 1 Cognito Userpool
+- 1 Cognito IdentityPool
+- 1 API Gateway REST API
+- 1 Lambda
+- 1 IAM role
 
 ## Scenario Start(s)
 
 1. API Gateway URL
 
 ## Scenario Goal(s)
 
-Get Cognito IdentityPool credentials
+Get Cognito IdentityPool credentials.
 
 ## Summary
 
 In this scenario, you are presented with a signup and login page with AWS Cognito in the backend.
 You need to bypass restrictions and exploit misconfigurations in Amazon Cognito in order to
 elevate your privileges and get Cognito Identity Pool credentials.
 
-## Exploitation Route
+## Exploitation Route(s)
 
 ![Lucidchart Diagram](exploitation_route.png "Exploitation Route")
 

scenarios/vulnerable_lambda/README.md

@@ -1,21 +1,22 @@
 
 # Scenario: vulnerable_lambda
 
-**Size:** Small  
+**Size:** Small
+
 **Difficulty:** Easy
 
 **Command:** `$ ./cloudgoat.py create vulnerable_lambda`
 
 ## Scenario Resources
 
-1 IAM User  
-1 IAM Role  
-1 Lambda   
-1 Secret 
+- 1 IAM User
+- 1 IAM Role
+- 1 Lambda
+- 1 Secret
 
 ## Scenario Start(s)
 
-1. IAM User 'bilbo' 
+1. IAM User 'bilbo'
 
 ## Scenario Goal(s)
 
@@ -25,9 +26,9 @@ Find the scenario's secret. (cg-secret-XXXXXX-XXXXXX)
 
 In this scenario, you start as the 'bilbo' user. You will assume a role with more privileges, discover a 
 lambda function that applies policies to users, and exploit a vulnerability in the function to escalate 
-the privileges of the bilbo user in order to search for secrets. 
+the privileges of the bilbo user in order to search for secrets.
 
-## Exploitation Route
+## Exploitation Route(s)
 
 ![Lucidchart Diagram](exploitation_route.png "Exploitation Route")
 
@@ -41,7 +42,7 @@ the privileges of the bilbo user in order to search for secrets.
 5. Assume the lambda invoker role.
 6. Craft an injection payload to send through the CLI.
 7. Base64 encode that payload. The single quote injection character is not compatible with the aws cli command otherwise.
-8. Invoke the policy applier lambda function, passing the name of the bilbo user and the injection payload. 
-9. Now that Bilbo is an admin, use credentials for that user to list secrets from secretsmanager. 
+8. Invoke the policy applier lambda function, passing the name of the bilbo user and the injection payload.
+9. Now that Bilbo is an admin, use credentials for that user to list secrets from secretsmanager.
 
 A cheat sheet for this route is available [here](./cheat_sheet.md).