doyensec/cloudsec-tidbits external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

doyensec/cloudsec-tidbits

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/doyensec/cloudsec-tidbits)

Close

doyensec / cloudsec-tidbitsView on GitHubMore

• External links
• Readme badge

Blogpost series showcasing interesting cloud - web app security bugs

☆48Jun 13, 2023Updated 2 years ago

Alternatives and similar repositories for cloudsec-tidbits

Users that are interested in cloudsec-tidbits are comparing it to the libraries listed below

• doyensec / CVE-2022-39299_PoC_Generator

  View on GitHub
  A Simple CVE-2022-39299 PoC exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-sam…
  ☆19Feb 8, 2023Updated 3 years ago
• doyensec / PESD-Exporter-Extension

  View on GitHub
  PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams
  ☆107Jan 30, 2025Updated last year
• BishopFox / awsservicemap

  View on GitHub
  Go module that returns supported regions for a service or supported services for a region
  ☆18Dec 12, 2025Updated 3 months ago
• codewhitesec / apollon

  View on GitHub
  Proof-of-Concept to evade auditd by writing /proc/PID/mem
  ☆24Aug 21, 2023Updated 2 years ago
• doyensec / oidc-ssrf

  View on GitHub
  An Evil OIDC Server
  ☆53Oct 19, 2022Updated 3 years ago
• stephenbradshaw / aws_url_signer

  View on GitHub
  POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF
  ☆59Sep 20, 2023Updated 2 years ago
• Hacking-the-Cloud / htc-ctfs

  View on GitHub
  Holds the public Hacking the Cloud CTFs.
  ☆63Feb 28, 2024Updated 2 years ago
• naman16 / AWS-Security-Guardrails-TF

  View on GitHub
  ☆31Oct 28, 2024Updated last year
• pwnedlabs / automated-cloud-misconfiguration-testing

  View on GitHub
  Automated Cloud Misconfiguration Testing
  ☆22Jun 20, 2025Updated 9 months ago
• pentagridsec / 5-AFL-suite-docker

  View on GitHub
  Dockerfile for AFL++ and helpful other tools
  ☆21May 5, 2020Updated 5 years ago
• orangetw / JNDI-Injection-Bypass

  View on GitHub
  Some payloads of JNDI Injection in JDK 1.8.0_191+
  ☆10Mar 24, 2020Updated 5 years ago
• righteousgambit / quiet-riot

  View on GitHub
  Unauthenticated enumeration of AWS, Azure, and GCP Principals
  ☆284Nov 27, 2025Updated 3 months ago
• devops-kung-fu / trustier

  View on GitHub
  Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev
  ☆10May 19, 2025Updated 10 months ago
• MartinIngesen / MSOLSpray

  View on GitHub
  A Python implementation of dafthack's MSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if …
  ☆95Jun 6, 2024Updated last year
• semgr8ns / semgr8s

  View on GitHub
  Semgrep-based Policy Controller for Kubernetes
  ☆47Apr 4, 2025Updated 11 months ago
• Frichetten / SneakyEndpoints

  View on GitHub
  Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints
  ☆121Jul 13, 2025Updated 8 months ago
• adanalvarez / TrailAlerts

  View on GitHub
  TrailAlerts is a AWS-native, serverless cloud-detection tool that lets you define simple rules as code and get rich alerts about events i…
  ☆51Nov 9, 2025Updated 4 months ago
• codyburkard / azol

  View on GitHub
  Azure Offensive Library
  ☆17Oct 18, 2025Updated 5 months ago
• tehryanx / sourcemapper

  View on GitHub
  Reconstruct javascript from a sourcemap in bash
  ☆38Nov 23, 2021Updated 4 years ago
• doyensec / Prototype-Pollution-Gadgets-Finder

  View on GitHub
  ☆93Apr 29, 2024Updated last year
• BishopFox / iam-vulnerable

  View on GitHub
  Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
  ☆553Mar 12, 2026Updated last week
• appsecco / devsecops-using-cloudnative-workshop

  View on GitHub
  This repo contains workshop material delivered at #nullcon2020
  ☆16Mar 6, 2020Updated 6 years ago
• intruder-io / rebind-server

  View on GitHub
  A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers
  ☆19Jun 9, 2023Updated 2 years ago
• BishopFox / cloudfoxable

  View on GitHub
  Create your own vulnerable by design AWS penetration testing playground
  ☆438Feb 16, 2026Updated last month
• silentsignal / wpc

  View on GitHub
  Windows Privesc Check
  ☆20May 20, 2014Updated 11 years ago
• trustoncloud / threatmodel-for-aws-s3

  View on GitHub
  Threat model for Amazon S3 - Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach
  ☆157Mar 3, 2026Updated 2 weeks ago
• wiz-sec / open-cvdb

  View on GitHub
  An open project to list all publicly known cloud vulnerabilities and CSP security issues
  ☆380Sep 19, 2025Updated 6 months ago
• ch33kyf3ll0w / Invoke-InstallUtilNSExec.ps1

  View on GitHub
  Uses InstallUtil.exe to load a compatible executable from a network share.
  ☆12Mar 8, 2016Updated 10 years ago
• yaya2devops / linuxmap

  View on GitHub
  Roadmap to become a Linux-Fine
  ☆10Jul 13, 2024Updated last year
• tehmoon / http-fuzzer

  View on GitHub
  ☆12Apr 21, 2020Updated 5 years ago
• a7t0fwa7 / windows-ps-callbacks-experiments

  View on GitHub
  Files for http://deniable.org/windows/windows-callbacks
  ☆26Jul 9, 2020Updated 5 years ago
• nccgroup / dapr

  View on GitHub
  Driver Attack Platform for Linux
  ☆18Mar 2, 2023Updated 3 years ago
• TROUBLE-1 / White-box-pentesting

  View on GitHub
  This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities
  ☆93Jun 11, 2023Updated 2 years ago
• hakaioffsec / gcp_enum

  View on GitHub
  A Python script to authenticate and test access to Google Cloud Platform (GCP) resources.
  ☆17Jan 31, 2024Updated 2 years ago
• singe / fast-permute

  View on GitHub
  A fast python tool for creating permutations of alphanumerics
  ☆11Mar 22, 2020Updated 6 years ago
• d0uble3L / technical-challenge-controls-deployment

  View on GitHub
  Technical Challenge (Controls Deployment)
  ☆24Nov 28, 2025Updated 3 months ago
• hackvertor / shadow-repeater

  View on GitHub
  ☆42Nov 15, 2025Updated 4 months ago
• CyberSecArmy / AWS-Offensive-Exploitation---Pentesting

  View on GitHub
  This repository mainly focuses on various techniques, tools, frameworks and approach to perform offensive exploitation of AWS infrastruct…
  ☆12Jun 12, 2019Updated 6 years ago
• VoidSec / CVE-2019-5624

  View on GitHub
  A proof of concept for Metasploit's CVE-2019-5624 vulnerability (Rubyzip insecure ZIP handling RCE)
  ☆13May 2, 2019Updated 6 years ago