Blogpost series showcasing interesting cloud - web app security bugs
☆50Jun 13, 2023Updated 2 years ago
Alternatives and similar repositories for cloudsec-tidbits
Users that are interested in cloudsec-tidbits are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams☆107Jan 30, 2025Updated last year
- Go module that returns supported regions for a service or supported services for a region☆18Dec 12, 2025Updated 4 months ago
- Proof-of-Concept to evade auditd by writing /proc/PID/mem☆25Aug 21, 2023Updated 2 years ago
- An Evil OIDC Server☆53Oct 19, 2022Updated 3 years ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆59Sep 20, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Holds the public Hacking the Cloud CTFs.☆63Feb 28, 2024Updated 2 years ago
- Determine privileges from cloud credentials via brute-force testing.☆69Aug 22, 2024Updated last year
- Automated Cloud Misconfiguration Testing☆25Jun 20, 2025Updated 9 months ago
- Dockerfile for AFL++ and helpful other tools☆21May 5, 2020Updated 5 years ago
- Some payloads of JNDI Injection in JDK 1.8.0_191+☆10Mar 24, 2020Updated 6 years ago
- Unauthenticated enumeration of AWS, Azure, and GCP Principals☆285Nov 27, 2025Updated 4 months ago
- Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev☆10May 19, 2025Updated 10 months ago
- Semgrep-based Policy Controller for Kubernetes☆47Apr 4, 2025Updated last year
- Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints☆121Jul 13, 2025Updated 8 months ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- TrailAlerts is a AWS-native, serverless cloud-detection tool that lets you define simple rules as code and get rich alerts about events i…☆51Apr 5, 2026Updated last week
- Dependency Confusion Security Testing Tool☆51Jul 21, 2022Updated 3 years ago
- Azure Offensive Library☆17Oct 18, 2025Updated 5 months ago
- Reconstruct javascript from a sourcemap in bash☆37Nov 23, 2021Updated 4 years ago
- A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.☆111Jun 4, 2025Updated 10 months ago
- This repo contains workshop material delivered at #nullcon2020☆16Mar 6, 2020Updated 6 years ago
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers☆19Jun 9, 2023Updated 2 years ago
- Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.☆560Mar 12, 2026Updated last month
- Threat model for Amazon S3 - Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach☆158Mar 20, 2026Updated 3 weeks ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Uses InstallUtil.exe to load a compatible executable from a network share.☆12Mar 8, 2016Updated 10 years ago
- Roadmap to become a Linux-Fine☆10Jul 13, 2024Updated last year
- PoC: process watcher patterns to make killing a process hard.☆11Aug 1, 2018Updated 7 years ago
- Files for http://deniable.org/windows/windows-callbacks☆26Jul 9, 2020Updated 5 years ago
- Linux CS bypass technique☆33Feb 4, 2025Updated last year
- A Python script to authenticate and test access to Google Cloud Platform (GCP) resources.☆16Jan 31, 2024Updated 2 years ago
- A fast python tool for creating permutations of alphanumerics☆11Mar 22, 2020Updated 6 years ago
- ☆230Mar 27, 2026Updated 2 weeks ago
- This repository mainly focuses on various techniques, tools, frameworks and approach to perform offensive exploitation of AWS infrastruct…☆12Jun 12, 2019Updated 6 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
- CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments.☆293Sep 4, 2024Updated last year
- A proof of concept for Metasploit's CVE-2019-5624 vulnerability (Rubyzip insecure ZIP handling RCE)☆13May 2, 2019Updated 6 years ago
- Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j.☆34Feb 15, 2026Updated last month
- Proof-of-Concept to evade auditd by tampering via ptrace☆19Aug 3, 2023Updated 2 years ago
- All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.☆373Apr 1, 2026Updated last week
- A tool for secrets management, encryption as a service, and privileged access management☆12Jul 17, 2025Updated 8 months ago
- WebSocket REPL for pentesters☆234Jul 24, 2024Updated last year