Blogpost series showcasing interesting cloud - web app security bugs
☆49Jun 13, 2023Updated 2 years ago
Alternatives and similar repositories for cloudsec-tidbits
Users that are interested in cloudsec-tidbits are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A Simple CVE-2022-39299 PoC exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-sam…☆19Feb 8, 2023Updated 3 years ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams☆107Jan 30, 2025Updated last year
- Go module that returns supported regions for a service or supported services for a region☆18Dec 12, 2025Updated 4 months ago
- PoC's and Slides from 'Gophers, whales and.. clouds? Oh my!' BSides Wellington presentation by Glenn 'devalias' Grant☆16Mar 3, 2018Updated 8 years ago
- Proof-of-Concept to evade auditd by writing /proc/PID/mem☆26Aug 21, 2023Updated 2 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- An Evil OIDC Server☆53Oct 19, 2022Updated 3 years ago
- Holds the public Hacking the Cloud CTFs.☆64Feb 28, 2024Updated 2 years ago
- Determine privileges from cloud credentials via brute-force testing.☆69Aug 22, 2024Updated last year
- ☆31Oct 28, 2024Updated last year
- Automated Cloud Misconfiguration Testing☆25Jun 20, 2025Updated 10 months ago
- Dockerfile for AFL++ and helpful other tools☆21May 5, 2020Updated 5 years ago
- Some payloads of JNDI Injection in JDK 1.8.0_191+☆10Mar 24, 2020Updated 6 years ago
- Unauthenticated enumeration of AWS, Azure, and GCP Principals☆286Nov 27, 2025Updated 5 months ago
- Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev☆10May 19, 2025Updated 11 months ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- A Python implementation of dafthack's MSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if …☆95Jun 6, 2024Updated last year
- A prompt-based pipeline for finding, validating, and proving vulnerabilities using LLM sub-agents.☆78Mar 27, 2026Updated last month
- Semgrep-based Policy Controller for Kubernetes☆47Apr 4, 2025Updated last year
- Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints☆121Jul 13, 2025Updated 9 months ago
- TrailAlerts is a AWS-native, serverless cloud-detection tool that lets you define simple rules as code and get rich alerts about events i…☆52Apr 5, 2026Updated 3 weeks ago
- Dependency Confusion Security Testing Tool☆50Jul 21, 2022Updated 3 years ago
- Reconstruct javascript from a sourcemap in bash☆38Nov 23, 2021Updated 4 years ago
- ☆93Apr 29, 2024Updated 2 years ago
- This repo contains workshop material delivered at #nullcon2020☆16Mar 6, 2020Updated 6 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers☆19Jun 9, 2023Updated 2 years ago
- Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.☆566Mar 12, 2026Updated last month
- Create your own vulnerable by design AWS penetration testing playground☆443Feb 16, 2026Updated 2 months ago
- Threat model for Amazon S3 - Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach☆160Apr 15, 2026Updated 2 weeks ago
- An open project to list all publicly known cloud vulnerabilities and CSP security issues☆389Sep 19, 2025Updated 7 months ago
- PoC: process watcher patterns to make killing a process hard.☆11Aug 1, 2018Updated 7 years ago
- ☆12Apr 21, 2020Updated 6 years ago
- Roadmap to become a Linux-Fine☆10Jul 13, 2024Updated last year
- Files for http://deniable.org/windows/windows-callbacks☆26Jul 9, 2020Updated 5 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Driver Attack Platform for Linux☆18Mar 2, 2023Updated 3 years ago
- This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities☆93Jun 11, 2023Updated 2 years ago
- A Python script to authenticate and test access to Google Cloud Platform (GCP) resources.☆17Jan 31, 2024Updated 2 years ago
- Linux CS bypass technique☆33Feb 4, 2025Updated last year
- A fast python tool for creating permutations of alphanumerics☆11Mar 22, 2020Updated 6 years ago
- Technical Challenge (Controls Deployment)☆24Nov 28, 2025Updated 5 months ago
- ☆42Nov 15, 2025Updated 5 months ago