Tools and blogs I use to perform GCP red teams
☆140Jul 23, 2024Updated last year
Alternatives and similar repositories for awesome-gcp-pentesting
Users that are interested in awesome-gcp-pentesting are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This repository contains the technique presented at SOCON2025 for stealing cookies silently from MacOS Sequoia with only root privileges☆12Mar 27, 2025Updated last year
- Welcome to the Very Vulnerable Lambda Application repository! This repository contains an intentionally vulnerable serverless applicatio…☆12Jul 22, 2024Updated last year
- A comprehensive scanner for Google Cloud☆362Dec 5, 2025Updated 6 months ago
- Rehashing APIs to prevent hash based detection☆14Jan 7, 2025Updated last year
- GCP GOAT is the vulnerable application for learn the GCP Security☆71May 20, 2026Updated 3 weeks ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆946Nov 11, 2024Updated last year
- Basic Linux binary shim method on the passwd binary from the shadow package to steal credentials as they are changed.☆14Nov 14, 2024Updated last year
- A vulnerable Cognito application is a simple web app that can be used to practice various Cognito attacks.☆12Jul 13, 2022Updated 3 years ago
- A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.☆419Oct 6, 2025Updated 8 months ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 7 months ago
- GCPGoat : A Damn Vulnerable GCP Infrastructure☆442Oct 29, 2024Updated last year
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers☆19Mar 19, 2025Updated last year
- Pentesting framework for GCP that enumerates/downloads data that feeds into a BloodHound Opengraph model. Includes credential management,…☆300Updated this week
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.☆563May 26, 2023Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Azure Security Resources and Notes☆1,756Feb 17, 2026Updated 4 months ago
- Automated Persistence and Lateral Movement using GCP Patch Management☆16Aug 11, 2022Updated 3 years ago
- Bypassing Amsi using LdrLoadDll☆48Jan 8, 2025Updated last year
- Tactics, Techniques, and Procedures☆28Jan 20, 2025Updated last year
- Tools for analyzing EDR agents☆277Jun 10, 2024Updated 2 years ago
- Azure JWT Token Manipulation Toolset☆731Dec 6, 2024Updated last year
- ☆26Feb 11, 2025Updated last year
- Offensive Security Scripts (OSS) - Repository of random scripts I've written for offensive purposes.☆12Feb 21, 2025Updated last year
- A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities☆34Nov 12, 2025Updated 7 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- A security competition scoring system built on the Elastic stack.☆41Dec 11, 2025Updated 6 months ago
- Dump LSASS by spoofing command line arguments to procdump.☆20Oct 21, 2024Updated last year
- ☆20Sep 2, 2021Updated 4 years ago
- A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.☆273Sep 14, 2023Updated 2 years ago
- Custom SOCKS proxy for redteam☆14Mar 29, 2022Updated 4 years ago
- List web account manager (WAM) accounts added to the current profile☆26Dec 11, 2025Updated 6 months ago
- Azure Data Exporter for BloodHound☆920Jun 10, 2026Updated last week
- Azure DevOps Services Attack Toolkit☆155Apr 29, 2026Updated last month
- JXA situational awareness helper by simply reading specific files on a filesystem☆82Feb 17, 2026Updated 4 months ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- A BOF that runs unmanaged PEs inline☆701Oct 23, 2024Updated last year
- Infrastructure Automation☆360Apr 12, 2024Updated 2 years ago
- Azure AD cheatsheet for the CARTP course☆158May 5, 2022Updated 4 years ago
- ELF Beacon Object File (BOF) Template☆20Nov 18, 2024Updated last year
- Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.☆622Updated this week
- These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok☆174Feb 6, 2025Updated last year
- ☆245Jan 23, 2025Updated last year