Tools and blogs I use to perform GCP red teams
☆141Jul 23, 2024Updated last year
Alternatives and similar repositories for awesome-gcp-pentesting
Users that are interested in awesome-gcp-pentesting are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This repository contains the technique presented at SOCON2025 for stealing cookies silently from MacOS Sequoia with only root privileges☆12Mar 27, 2025Updated last year
- Welcome to the Very Vulnerable Lambda Application repository! This repository contains an intentionally vulnerable serverless applicatio…☆11Jul 22, 2024Updated last year
- A comprehensive scanner for Google Cloud☆356Dec 5, 2025Updated 3 months ago
- Rehashing APIs to prevent hash based detection☆14Jan 7, 2025Updated last year
- GCP GOAT is the vulnerable application for learn the GCP Security☆72May 20, 2025Updated 10 months ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆935Nov 11, 2024Updated last year
- Basic Linux binary shim method on the passwd binary from the shadow package to steal credentials as they are changed.☆14Nov 14, 2024Updated last year
- A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.☆416Oct 6, 2025Updated 5 months ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 4 months ago
- GCPGoat : A Damn Vulnerable GCP Infrastructure☆436Oct 29, 2024Updated last year
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers☆18Mar 19, 2025Updated last year
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…☆290May 16, 2025Updated 10 months ago
- List web account manager (WAM) accounts added to the current profile☆24Dec 11, 2025Updated 3 months ago
- Azure Security Resources and Notes☆1,717Feb 17, 2026Updated last month
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.☆558May 26, 2023Updated 2 years ago
- Automated Persistence and Lateral Movement using GCP Patch Management☆16Aug 11, 2022Updated 3 years ago
- Bypassing Amsi using LdrLoadDll☆47Jan 8, 2025Updated last year
- Tactics, Techniques, and Procedures☆28Jan 20, 2025Updated last year
- Tools for analyzing EDR agents☆278Jun 10, 2024Updated last year
- Azure JWT Token Manipulation Toolset☆720Dec 6, 2024Updated last year
- ☆26Feb 11, 2025Updated last year
- A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities☆34Nov 12, 2025Updated 4 months ago
- A security competition scoring system built on the Elastic stack.☆41Dec 11, 2025Updated 3 months ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Dump LSASS by spoofing command line arguments to procdump.☆20Oct 21, 2024Updated last year
- ☆20Sep 2, 2021Updated 4 years ago
- Azure DevOps Services Attack Toolkit☆149Mar 15, 2025Updated last year
- A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.☆271Sep 14, 2023Updated 2 years ago
- Offensive Windows security tooling that allows for persistance to the operating system.☆10Apr 28, 2021Updated 4 years ago
- Custom SOCKS proxy for redteam☆14Mar 29, 2022Updated 3 years ago
- Azure Data Exporter for BloodHound☆879Updated this week
- JXA situational awareness helper by simply reading specific files on a filesystem☆82Feb 17, 2026Updated last month
- A BOF that runs unmanaged PEs inline☆685Oct 23, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Infrastructure Automation☆357Apr 12, 2024Updated last year
- Azure AD cheatsheet for the CARTP course☆150May 5, 2022Updated 3 years ago
- ELF Beacon Object File (BOF) Template☆19Nov 18, 2024Updated last year
- Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.☆610Mar 20, 2026Updated last week
- Library of BOFs to interact with SQL servers☆229Dec 3, 2025Updated 3 months ago
- ☆244Jan 23, 2025Updated last year
- These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok☆173Feb 6, 2025Updated last year