anunay-bhatt / secure-serverless-reference-architecture

Related projects: ⓘ

• ghostsecurity / waf-btk
  WAF bypass PoC
  ☆43Updated 11 months ago
• AbstractClass / CloudPrivs
  Determine privileges from cloud credentials via brute-force testing.
  ☆63Updated 3 weeks ago
• Frichetten / aws_api_shapeshifter
  A small library to alter AWS API requests; Used for fuzzing research
  ☆21Updated 10 months ago
• ncc-erik-steringer / Aerides
  An implementation of infrastructure-as-code scanning using dynamic tooling.
  ☆56Updated 2 years ago
• hotnops / AWSRoleJuggler
  A toolset to juggle AWS roles for persistent access
  ☆47Updated last month
• doyensec / cloudsec-tidbits
  Blogpost series showcasing interesting cloud - web app security bugs
  ☆44Updated last year
• bridgecrewio / cdkgoat
  CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how commo…
  ☆43Updated last year
• sebastian-mora / awsssome_phish
  AWS SSO serverless phishing API.
  ☆29Updated 3 years ago
• ramimac / breach-list-database
  A meta-database collecting resources that compile lists of breaches
  ☆17Updated 5 months ago
• twistlock / lambda-persistency-poc
  PoC for gaining persistency on vulnerable Lambdas
  ☆30Updated 3 years ago
• crypsisgroup / ebs-direct-sec-tools
  Fun tools around the EBS Direct API
  ☆17Updated 3 years ago
• cider-rnd / secret-diver
  ☆30Updated this week
• offensive-terraform / offensive-terraform.github.io
  Offensive Terraform Website
  ☆44Updated 3 years ago
• cedowens / aws-cli-notes
  A combined list of helpful awscli commands from Scott Piper's flaws.cloud exercise as well as from Beau Bullock's Breaching the Cloud Tra…
  ☆18Updated 3 years ago
• avishayil / cdk-goat
  Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure
  ☆42Updated 8 months ago
• JOSHUAJEBARAJ / GCP-GOAT
  GCP GOAT is the vulnerable application for learn the GCP Security
  ☆61Updated 11 months ago
• lightspin-tech / lightspin-2022-top-7-attack-paths
  Based on Lightspin proprietary data, research, and our tracking of cloud security trends in the market, our research team has compiled a …
  ☆38Updated 2 years ago
• trufflesecurity / WhoAmISlack
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆38Updated 9 months ago
• OWASP / www-project-cloud-native-application-security-top-10
  OWASP Foundation Web Respository
  ☆33Updated 2 weeks ago
• praetorian-inc / konstellation
  Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j.
  ☆19Updated last year
• NotSoSecure / cloud-sec-wiki
  Jekyll Files for cloudsecwiki.com
  ☆49Updated 3 years ago
• messypoutine / gravy-overflow
  A GitHub Actions Supply Chain CTF / Goat
  ☆16Updated 3 months ago
• hac01 / gcp-iam-brute
  ☆39Updated 3 months ago
• hupe1980 / awsrecon
  Tool for reconnaissance of AWS cloud environments
  ☆13Updated 11 months ago
• vectra-ai-research / log4j-aws-sandbox
  A set of AWS resources for testing the Log4Shell vulnerability, deployable with terraform
  ☆12Updated 2 years ago
• modulexcite / attacking-and-auditing-docker-containers-and-kubernetes-clusters
  Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters
  ☆13Updated 4 years ago
• Rezonate-io / github-oidc-checker
  Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts
  ☆56Updated last year
• lightspin-tech / red-shadow
  Lightspin AWS IAM Vulnerability Scanner
  ☆96Updated 3 years ago
• twistlock / sa-hunter
  Correlates serviceaccounts and pods to the permissions granted to them via rolebindings and clusterrolesbindings.
  ☆34Updated 2 years ago
• nccgroup / cowcloud
  ☆58Updated last year