Tools and blogs I use to perform GCP red teams
☆138Jul 23, 2024Updated last year
Alternatives and similar repositories for awesome-gcp-pentesting
Users that are interested in awesome-gcp-pentesting are comparing it to the libraries listed below
Sorting:
- A comprehensive scanner for Google Cloud☆353Dec 5, 2025Updated 3 months ago
- Rehashing APIs to prevent hash based detection☆14Jan 7, 2025Updated last year
- This repository contains the technique presented at SOCON2025 for stealing cookies silently from MacOS Sequoia with only root privileges☆12Mar 27, 2025Updated 11 months ago
- GRC (Governance, Risk and Compliance) Software, to manage risks and controls. It is based in best practices and helps organizations to ma…☆27Mar 8, 2023Updated 2 years ago
- Comprehensive adversary emulation tool for security testing on Google Cloud Platform (GCP) environments.☆14Jun 14, 2024Updated last year
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers☆18Mar 19, 2025Updated 11 months ago
- generates unique subdomain names and runs httpx on them☆17Apr 8, 2024Updated last year
- A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.☆415Oct 6, 2025Updated 5 months ago
- ☆20Sep 2, 2021Updated 4 years ago
- GCPGoat : A Damn Vulnerable GCP Infrastructure☆431Oct 29, 2024Updated last year
- Basic Linux binary shim method on the passwd binary from the shadow package to steal credentials as they are changed.☆14Nov 14, 2024Updated last year
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆932Nov 11, 2024Updated last year
- Creates an ATT&CK Navigator map of an Adversary Emulation Plan☆17Sep 4, 2021Updated 4 years ago
- autopwn + deployment☆15Apr 13, 2022Updated 3 years ago
- Infrastructure Automation☆356Apr 12, 2024Updated last year
- Azure AD cheatsheet for the CARTP course☆149May 5, 2022Updated 3 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 3 months ago
- Red Team Operation's Defense Evasion Technique.☆56Jun 4, 2024Updated last year
- Azure DevOps Services Attack Toolkit☆150Mar 15, 2025Updated 11 months ago
- Tools for analyzing EDR agents☆278Jun 10, 2024Updated last year
- ELF Beacon Object File (BOF) Template☆19Nov 18, 2024Updated last year
- Custom SOCKS proxy for redteam☆14Mar 29, 2022Updated 3 years ago
- Deploy redteam infrastructure☆17Mar 9, 2021Updated 4 years ago
- This repository contains links to all the 100 days tweets that I posted during the #100DaysOfHacking challenge.☆17Apr 11, 2022Updated 3 years ago
- GCP GOAT is the vulnerable application for learn the GCP Security☆71May 20, 2025Updated 9 months ago
- A security competition scoring system built on the Elastic stack.☆41Dec 11, 2025Updated 2 months ago
- Azure Security Resources and Notes☆1,713Feb 17, 2026Updated 2 weeks ago
- ☆15Apr 29, 2023Updated 2 years ago
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.☆555May 26, 2023Updated 2 years ago
- ☆244Jan 23, 2025Updated last year
- Azure JWT Token Manipulation Toolset☆716Dec 6, 2024Updated last year
- ☆26Feb 11, 2025Updated last year
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…☆288May 16, 2025Updated 9 months ago
- Awesome cloud enumerator☆1,103Mar 9, 2025Updated 11 months ago
- A Red Team Activity Hub☆234Feb 25, 2026Updated last week
- A Post-exploitation Toolset for Interacting with the Microsoft Graph API☆1,256Jul 22, 2025Updated 7 months ago
- Realm is a cross platform Red Team engagement platform with a focus on automation and reliability.☆598Updated this week
- Active Directory certificate abuse☆43Oct 9, 2022Updated 3 years ago
- A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.☆271Sep 14, 2023Updated 2 years ago