messypoutine / gravy-overflow
A GitHub Actions Supply Chain CTF / Goat
☆17Updated last month
Alternatives and similar repositories for gravy-overflow:
Users that are interested in gravy-overflow are comparing it to the libraries listed below
- ☆32Updated 7 months ago
- ☆58Updated last year
- A PoC to Simulate Ransomware Attack on AWS Environment☆30Updated 5 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆40Updated last year
- ☆43Updated 9 months ago
- Determine privileges from cloud credentials via brute-force testing.☆67Updated 6 months ago
- HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt…☆16Updated 9 months ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆58Updated last year
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs☆36Updated 5 months ago
- A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…☆29Updated 2 months ago
- ☆55Updated last year
- A steampipe plugin to query projectdiscovery.io tools.☆26Updated 7 months ago
- ☆13Updated last year
- ☆38Updated 4 months ago
- ☆31Updated 3 years ago
- Blogpost series showcasing interesting cloud - web app security bugs☆47Updated last year
- Create tar/zip archives that try to exploit zipslip vulnerability.☆47Updated 6 months ago
- ☆20Updated 2 years ago
- Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j.☆21Updated last year
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆22Updated last week
- A set of AWS resources for testing the Log4Shell vulnerability, deployable with terraform☆12Updated 3 years ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆60Updated last year
- A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities☆26Updated 8 months ago
- Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure☆46Updated last year
- A web security research tool for DOM testing☆19Updated this week
- Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols.☆21Updated 6 months ago
- ☆17Updated 2 years ago
- WAF bypass PoC☆46Updated last year
- Enumerate AWS permissions and resources.☆67Updated 2 years ago
- A combined list of helpful awscli commands from Scott Piper's flaws.cloud exercise as well as from Beau Bullock's Breaching the Cloud Tra…☆19Updated 4 years ago