offsec notes
Spring Boot Actuator

Under the Radar: Exploring Spring Boot Actuator Misconfigurations
* What makes Spring Boot Actuator a treasure trove for attackers?

* Common Misconfigurations in Spring Boot Actuator
#1 Exposed HeapDump file
#2 Exposed Actuator Gateway Endpoint leading to RCE
#3 Exposed env endpoint

* How Can Organizations Defend Themselves?


Recon
* /actuator - List of all available actuator endpoints

* /actuator/mappings - All URL mappings (controllers and handlers), request → method mappings

* /actuator/beans - Shows registered Spring beans

* /actuator/configprops - Values and sources of ConfigurationProperties


Exploitation
* /actuator/heapdump - Exposed HeapDump file

* /actuator/env - Exposes details about the runtime environment

* /actuator/httptrace - Leakage of payload structures, internal URLs, possible query data

* /actuator/loggers - Shows current logging levels and (if enabled) allows you to change logger levels at runtime

* /actuator/gateway/routes - SSRF, can lead to RCE (CVE-2022-22947)
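Added example (not from the channel post or the article it summarises): the `application.yml` setting that exposes every endpoint listed above on the application port, beside a hardened configuration that keeps heapdump, env and gateway disabled and moves the rest to a separate management port. The two YAML documents are shown together for comparison, not to be deployed as one file; the keys are standard Spring Boot Actuator keys (the `gateway` key assumes Spring Cloud Gateway is on the classpath, and `enabled-by-default` assumes Spring Boot 2.x/3.x before its deprecation).

```yaml
# Weak: a single wildcard makes every actuator endpoint reachable over HTTP,
# including heapdump, env, mappings, beans and (with Spring Cloud Gateway) gateway.
management:
  endpoints:
    web:
      exposure:
        include: "*"

---
# Hardened: deny by default, expose only what monitoring needs, and bind the
# management interface to a separate port on loopback so it never shares
# the public listener. Dangerous endpoints stay disabled even if the include
# list is widened later, because "enabled" and "exposed" are separate gates.
management:
  server:
    port: 8081            # assumed management port; firewall or reverse-proxy it
    address: 127.0.0.1    # loopback only; scrape via a sidecar or SSH tunnel
  endpoints:
    enabled-by-default: false
    web:
      base-path: /manage  # non-default path is not protection, just less noise
      exposure:
        include: health,info
        exclude: heapdump,env,gateway,loggers,httptrace,mappings,beans,configprops
  endpoint:
    health:
      enabled: true
      show-details: when-authorized   # component details only for authenticated callers
    info:
      enabled: true
    heapdump:
      enabled: false      # heap contains credentials, tokens and session data
    env:
      enabled: false      # environment exposes secrets and allows property changes
    loggers:
      enabled: false      # prevents runtime logger-level tampering
    gateway:
      enabled: false      # Spring Cloud Gateway only; route manipulation, CVE-2022-22947
```

A quick audit is to request `/actuator` (or the configured base path) on the public port and confirm it returns 404, then confirm the management port only answers on loopback.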
AWS pwn

A collection of scripts for AWS penetration testing. Contains sets of scripts for

* Reconnaissance - Things to do with pre-compromise information gathering.

* Exploitation - Things that will help you gain a foothold in an account.

* Stealth - Things that might help you stay hidden after compromising an account.

* Exploration - Things to help you understand what you've pwned.

* Elevation - Things to help you move around an account and gather different levels of access.

* Persistence - Things to help maintain your access to an account.

* Exfiltration - Things to help you extract and move data around in AWSy ways.
MOTW bypass

Package payloads into ISO, IMG, VHD, VHDX, ZIP, 7z, PDF, CAB for MOTW bypass

# Package a payload into an ISO that bypasses MOTW
python PackMyPayload.py payload.exe -o delivery.iso -t iso

# Package into VHD (still unpatched as of 2025+)
python PackMyPayload.py payload.exe -o delivery.vhd -t vhd


Note: As of November 2022, Microsoft patched ISO files to propagate MOTW to inner files. However, VHD/VHDX containers still bypass MOTW. Many organizations also run older Windows versions where the ISO bypass still works.