Determine privileges from cloud credentials via brute-force testing.
☆69Aug 22, 2024Updated last year
Alternatives and similar repositories for CloudPrivs
Users that are interested in CloudPrivs are comparing it to the libraries listed below
Sorting:
- ☆79Aug 2, 2023Updated 2 years ago
- ☆28Dec 28, 2017Updated 8 years ago
- RedBlock is an Nginx module designed for offensive security operations and red teaming. This module empowers security professionals to ea…☆24Jan 21, 2024Updated 2 years ago
- A Python script to authenticate and test access to Google Cloud Platform (GCP) resources.☆17Jan 31, 2024Updated 2 years ago
- Golang Shlyuz Implant Implementation☆13May 23, 2025Updated 9 months ago
- Syscall BOF to arbitrarily add/detract process token privilege rights.☆61Jul 10, 2024Updated last year
- C# alternative to the linux "cat" command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly☆15Jul 15, 2021Updated 4 years ago
- treafik fronted c2 examples☆25Dec 6, 2020Updated 5 years ago
- This tool implements a cloud version of the Shadow Copy attack against domain controllers running in AWS using only the EC2:CreateSnapsho…☆122Nov 2, 2019Updated 6 years ago
- Beacon Object File allowing creation of Beacons in different sessions.☆83May 23, 2022Updated 3 years ago
- A BOF.NET program to split a file into smaller chunks and email it via a specified SMTP relay.☆15Jun 24, 2021Updated 4 years ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆59Sep 20, 2023Updated 2 years ago
- A set of hashcat hcmask files, prioritized by cracking efficiency... and the hcmask_Generator_9000.xlsx tool.☆25Dec 17, 2023Updated 2 years ago
- Beacon Object Files used for Cobalt Strike☆19Jul 18, 2023Updated 2 years ago
- An Evil OIDC Server☆53Oct 19, 2022Updated 3 years ago
- Blogpost series showcasing interesting cloud - web app security bugs☆48Jun 13, 2023Updated 2 years ago
- Script to setup a phishing server on the cloud☆13Apr 30, 2021Updated 4 years ago
- Cloud Penetration Testing Toolkit☆106Jan 7, 2026Updated 2 months ago
- Enumerate valid users within Microsoft Teams and OneDrive with clean output.☆60Feb 4, 2025Updated last year
- A fast enumeration tool for publicly exposed Azure Storage blobs.☆117Mar 25, 2023Updated 2 years ago
- Ansible role to deploy RedELK server☆19Sep 11, 2023Updated 2 years ago
- Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon☆341Jun 6, 2022Updated 3 years ago
- ☆20Feb 9, 2024Updated 2 years ago
- ☆38Jun 9, 2021Updated 4 years ago
- Extended Process List (Search functionality)☆29Jan 23, 2021Updated 5 years ago
- Microsoft Graph API post-exploitation toolkit☆95Jul 13, 2024Updated last year
- AWS Testing and Reporting Management Tool☆20Jan 23, 2023Updated 3 years ago
- My implementation of the GIUDA project in C++☆189Jul 25, 2023Updated 2 years ago
- ☆37May 8, 2022Updated 3 years ago
- A serverless C2 framework☆14Feb 3, 2023Updated 3 years ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆158Nov 7, 2023Updated 2 years ago
- Python module for running BOFs☆80Nov 28, 2025Updated 3 months ago
- ☆124May 12, 2021Updated 4 years ago
- cloudgrep is grep for cloud storage☆326Updated this week
- PoC MSI payload based on ASEC/AhnLab's blog post☆24Sep 19, 2022Updated 3 years ago
- EC2StepShell is an AWS post-exploitation tool for getting high privileges reverse shells in public or private EC2 instances.☆68Sep 20, 2024Updated last year
- Small utility to chunk up a large BloodHound JSON file into smaller files for importing.☆97Apr 13, 2023Updated 2 years ago
- RCE exploit for CVE-2023-3519☆228Aug 23, 2023Updated 2 years ago
- ☆55Apr 25, 2023Updated 2 years ago