dxa4481 / gcploitLinks
These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok
☆173Updated 3 months ago
Alternatives and similar repositories for gcploit
Users that are interested in gcploit are comparing it to the libraries listed below
Sorting:
- ☆137Updated 2 years ago
- IAMFinder enumerates and finds users and IAM roles in a target AWS account.☆111Updated 4 years ago
- A Docker container for remote penetration testing.☆135Updated 4 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆134Updated 5 years ago
- ☆23Updated 2 years ago
- This repo gives an overview of some GCP metadata API attack and defend patterns☆76Updated 5 years ago
- Presentations, training modules, and other education materials from Duo Security's Application Security team.☆74Updated 3 years ago
- Search exposed EBS volumes for secrets☆298Updated 2 years ago
- Dorothy is a tool to test security monitoring and detection for Okta environments☆182Updated 9 months ago
- Playing around with Stratus Red Team (Cloud Attack simulation tool) and SumoLogic☆297Updated 2 years ago
- 🖇️ STRIDE vs. ASVS equivalence table☆76Updated 9 months ago
- CONVEX is a group of CTFs that are independently deployable into participant Azure environments.☆140Updated 3 years ago
- Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.☆168Updated 7 months ago
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆76Updated 3 years ago
- Adversary Simulators High-Fidelity Intelligence and Reporting Toolkit☆164Updated this week
- ☆28Updated 4 years ago
- ☆174Updated 2 years ago
- Open source security career ladders☆115Updated 2 years ago
- ☆63Updated 2 years ago
- Cloud-related research releases from the Rhino Security Labs team.☆388Updated 5 years ago
- Compilation of resources to help with Adversary Simulation automation harness☆100Updated 4 years ago
- Automated Attack Simulation in the Cloud, complete with detection use cases.☆577Updated 6 months ago
- Research on the enumeration of IAM permissions without logging to CloudTrail☆61Updated 3 years ago
- A MITRE ATT&CK Navigator export for AWS GuardDuty Findings☆137Updated 3 years ago
- ☆65Updated last year
- Find cloud assets that no one wants exposed 🔎 ☁️☆345Updated 4 years ago
- GCP GOAT is the vulnerable application for learn the GCP Security☆64Updated 2 weeks ago
- Google Cloud Platform Security Tool☆234Updated 5 years ago
- A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.☆385Updated last year
- Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints☆116Updated last year