dxa4481 / gcploit
These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok
☆171Updated last month
Alternatives and similar repositories for gcploit:
Users that are interested in gcploit are comparing it to the libraries listed below
- ☆134Updated 2 years ago
- IAMFinder enumerates and finds users and IAM roles in a target AWS account.☆111Updated 4 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆134Updated 4 years ago
- This repo gives an overview of some GCP metadata API attack and defend patterns☆76Updated 5 years ago
- ☆23Updated last year
- A Docker container for remote penetration testing.☆135Updated 4 years ago
- Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints☆113Updated last year
- 🖇️ STRIDE vs. ASVS equivalence table☆76Updated 7 months ago
- Route53/CloudFront Vulnerability Assessment Utility☆85Updated last year
- A MITRE ATT&CK Navigator export for AWS GuardDuty Findings☆137Updated 3 years ago
- CONVEX is a group of CTFs that are independently deployable into participant Azure environments.☆138Updated 2 years ago
- Search exposed EBS volumes for secrets☆297Updated last year
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆76Updated 3 years ago
- ☆28Updated 4 years ago
- Pentester-focused Docker registry tool to enumerate and pull images☆106Updated 5 years ago
- 'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.☆64Updated 5 years ago
- ☆172Updated last year
- Scans Slack for API tokens, credentials, passwords, and more using YARA rules☆39Updated 4 years ago
- GCP CSPM using Google Sheets☆35Updated 9 months ago
- Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.☆165Updated 5 months ago
- ☆63Updated 2 years ago
- Red Team Scripts for AWS.☆168Updated 4 years ago
- Open source security career ladders☆115Updated 2 years ago
- Presentations, training modules, and other education materials from Duo Security's Application Security team.☆73Updated 3 years ago
- Cloud-related research releases from the Rhino Security Labs team.☆384Updated 4 years ago
- A simple file-based scanner to look for potential AWS access and secret keys in files☆91Updated last year
- Research on the enumeration of IAM permissions without logging to CloudTrail☆60Updated 3 years ago
- Compilation of resources to help with Adversary Simulation automation harness☆99Updated 4 years ago
- Dorothy is a tool to test security monitoring and detection for Okta environments☆178Updated 7 months ago
- materials we hand out☆142Updated last week