Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure
☆49Dec 29, 2023Updated 2 years ago
Alternatives and similar repositories for cdk-goat
Users that are interested in cdk-goat are comparing it to the libraries listed below
Sorting:
- Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols.☆23Aug 30, 2024Updated last year
- Listing of resources for example AWS Service Control Policies (SCPs)☆17Jan 10, 2024Updated 2 years ago
- ☆18Jul 30, 2024Updated last year
- This is a custom SSM agent which is sorta functional☆17Jul 5, 2021Updated 4 years ago
- Create tar/zip archives that try to exploit zipslip vulnerability.☆48Sep 20, 2024Updated last year
- Protect against subdomain takeover☆95Jul 20, 2025Updated 7 months ago
- Security Alert Decoration☆27Jul 21, 2025Updated 7 months ago
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs☆39Sep 25, 2024Updated last year
- Deploy Kubernetes Helm Charts for Check Point CloudGuard☆19Oct 21, 2025Updated 4 months ago
- Public repository to provide guidance and examples for people to start learning IaC. This repository also contains some open-hack style l…☆23Jun 14, 2023Updated 2 years ago
- ☆25Jun 27, 2024Updated last year
- A GitHub Actions Supply Chain CTF / Goat☆26Jan 6, 2026Updated 2 months ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆59Sep 20, 2023Updated 2 years ago
- ☆23Sep 20, 2024Updated last year
- Convert cloudtrail data to MITRE ATT&CK Sightings☆82Jul 25, 2022Updated 3 years ago
- A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…☆30Nov 30, 2025Updated 3 months ago
- ☆13May 17, 2016Updated 9 years ago
- Yet Another SCA tool☆13Nov 10, 2022Updated 3 years ago
- CVE-2022-31245: RCE and domain admin privilege escalation for Mailcow☆12Jul 25, 2022Updated 3 years ago
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- A simple web app to get the latest EPSS data for a CVE ID☆12Dec 14, 2025Updated 2 months ago
- Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe☆13Dec 11, 2023Updated 2 years ago
- This application was built to help reduce the amount of time it takes to review AWS Lambda code.☆61Nov 11, 2024Updated last year
- ☆186Updated this week
- Conference talk slides and code☆11Aug 6, 2020Updated 5 years ago
- Deliberately vulnerable AWS resources for security assessment demos☆32Aug 20, 2022Updated 3 years ago
- Chaos Engineering recipes on the Google Cloud Platform☆27Feb 20, 2026Updated 2 weeks ago
- Configurable, Community driven, HTTP C2 Profile☆28Feb 16, 2026Updated 2 weeks ago
- Collection of example Service Control Policies (SCPs) that are useful for sandbox and training AWS accounts.☆161Dec 22, 2025Updated 2 months ago
- ☆72Oct 24, 2025Updated 4 months ago
- Tool for signing and verifying the integrity of CloudFormation templates☆15Feb 16, 2023Updated 3 years ago
- A guide to simplify the process of evaluating Datadog's Cloud SIEM security capabilities to detect AWS threats.☆19Jul 24, 2023Updated 2 years ago
- Scripts to automate standing up C2 infra with firewall settings inside of DigitalOcean.☆18Feb 5, 2021Updated 5 years ago
- python3 scripts to help with aws triage needs☆15Feb 11, 2022Updated 4 years ago
- Create your own vulnerable by design AWS penetration testing playground☆437Feb 16, 2026Updated 2 weeks ago
- An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails c…☆166Oct 9, 2024Updated last year
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…☆113Nov 13, 2024Updated last year
- Gordon is status check Github app to enforce and validate about.yaml file specifications in a repository during pull requests to drive co…☆20Feb 4, 2025Updated last year
- Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded☆80Mar 2, 2026Updated last week