dxa4481 / gcploit
These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok
☆165Updated last year
Related projects ⓘ
Alternatives and complementary repositories for gcploit
- This repo gives an overview of some GCP metadata API attack and defend patterns☆76Updated 4 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆133Updated 4 years ago
- ☆133Updated last year
- Search exposed EBS volumes for secrets☆286Updated last year
- ☆23Updated last year
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆74Updated 2 years ago
- A Docker container for remote penetration testing.☆133Updated 3 years ago
- Kubernetes Pwnage for all☆54Updated 4 years ago
- ☆28Updated 4 years ago
- Automated Attack Simulation in the Cloud, complete with detection use cases.☆499Updated this week
- Presentations, training modules, and other education materials from Duo Security's Application Security team.☆71Updated 3 years ago
- IAMFinder enumerates and finds users and IAM roles in a target AWS account.☆109Updated 4 years ago
- Adversary Simulators High-Fidelity Intelligence and Reporting Toolkit☆151Updated this week
- CONVEX is a group of CTFs that are independently deployable into participant Azure environments.☆137Updated 2 years ago
- Cloud-related research releases from the Rhino Security Labs team.☆356Updated 4 years ago
- Find cloud assets that no one wants exposed 🔎 ☁️☆332Updated 4 years ago
- Research on the enumeration of IAM permissions without logging to CloudTrail☆60Updated 3 years ago
- ☆61Updated last year
- 🖇️ STRIDE vs. ASVS equivalence table☆75Updated 2 months ago
- A simple file-based scanner to look for potential AWS access and secret keys in files☆89Updated 8 months ago
- Dorothy is a tool to test security monitoring and detection for Okta environments☆175Updated 3 months ago
- Google Cloud Platform Security Tool☆232Updated 5 years ago
- A MITRE ATT&CK Navigator export for AWS GuardDuty Findings☆136Updated 3 years ago
- Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.☆159Updated 3 weeks ago
- Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints☆113Updated last year
- A small set of scripts to summarize AWS Security Groups, and generate visualizations of the rules.☆62Updated 4 years ago
- Remote Memory Acquisition Tool☆242Updated 4 years ago
- ☆20Updated 3 years ago
- Scans Slack for API tokens, credentials, passwords, and more using YARA rules☆38Updated 3 years ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆58Updated last year