dxa4481 / gcploit
These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok
☆164Updated last year
Related projects ⓘ
Alternatives and complementary repositories for gcploit
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆133Updated 4 years ago
- This repo gives an overview of some GCP metadata API attack and defend patterns☆76Updated 4 years ago
- Search exposed EBS volumes for secrets☆285Updated last year
- ☆133Updated last year
- 🖇️ STRIDE vs. ASVS equivalence table☆75Updated 2 months ago
- A Docker container for remote penetration testing.☆133Updated 3 years ago
- IAMFinder enumerates and finds users and IAM roles in a target AWS account.☆109Updated 3 years ago
- ☆23Updated last year
- Research on the enumeration of IAM permissions without logging to CloudTrail☆60Updated 3 years ago
- A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.☆341Updated 6 months ago
- Dorothy is a tool to test security monitoring and detection for Okta environments☆175Updated 3 months ago
- ☆61Updated last year
- ☆28Updated 4 years ago
- Automated Attack Simulation in the Cloud, complete with detection use cases.☆485Updated 2 months ago
- A MITRE ATT&CK Navigator export for AWS GuardDuty Findings☆136Updated 3 years ago
- Presentations, training modules, and other education materials from Duo Security's Application Security team.☆71Updated 3 years ago
- Kubernetes Pwnage for all☆54Updated 3 years ago
- CONVEX is a group of CTFs that are independently deployable into participant Azure environments.☆137Updated 2 years ago
- Compilation of resources to help with Adversary Simulation automation harness☆100Updated 4 years ago
- Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.☆159Updated 2 weeks ago
- Scans Slack for API tokens, credentials, passwords, and more using YARA rules☆38Updated 3 years ago
- ☆20Updated 3 years ago
- Supplemental templates for securing the cloud.☆34Updated 8 months ago
- Find cloud assets that no one wants exposed 🔎 ☁️☆332Updated 4 years ago
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆74Updated 2 years ago
- A simple file-based scanner to look for potential AWS access and secret keys in files☆89Updated 7 months ago
- Cloud-related research releases from the Rhino Security Labs team.☆355Updated 4 years ago
- Adversary Simulators High-Fidelity Intelligence and Reporting Toolkit☆151Updated last week
- ☆66Updated 5 months ago
- AWS docs, guides, and other tools☆76Updated last year