A curated list of Awesome Security Challenges.
☆211Nov 6, 2024Updated last year
Alternatives and similar repositories for awesome-sec-challenges
Users that are interested in awesome-sec-challenges are comparing it to the libraries listed below
Sorting:
- Cloud Commotion intends to cause chaos to simulate security incidents☆146Jun 18, 2024Updated last year
- ☆117Feb 11, 2026Updated 3 weeks ago
- ## Auto-archived due to inactivity. ## Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Securit…☆37Oct 17, 2024Updated last year
- A cloud security tool to search and clean up unused AWS access keys, written in Go.☆52Sep 2, 2022Updated 3 years ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆142Feb 26, 2026Updated last week
- Create your own vulnerable by design AWS penetration testing playground☆437Feb 16, 2026Updated 3 weeks ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆61May 15, 2023Updated 2 years ago
- ☆22Jul 24, 2025Updated 7 months ago
- Autonomous AI C2☆33Jul 23, 2024Updated last year
- Public repository to provide guidance and examples for people to start learning IaC. This repository also contains some open-hack style l…☆23Jun 14, 2023Updated 2 years ago
- ☆24Mar 20, 2023Updated 2 years ago
- Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.☆1,889Oct 1, 2025Updated 5 months ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆59Sep 20, 2023Updated 2 years ago
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment☆495Jun 27, 2025Updated 8 months ago
- An AI-powered tool for discovering privilege escalation opportunities in AWS IAM configurations.☆120Feb 4, 2026Updated last month
- Harness the security superpowers of your cloud asset inventory☆11Sep 22, 2024Updated last year
- A GitHub Actions Supply Chain CTF / Goat☆26Jan 6, 2026Updated 2 months ago
- This application was built to help reduce the amount of time it takes to review AWS Lambda code.☆61Nov 11, 2024Updated last year
- Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS…☆1,527Jan 28, 2026Updated last month
- Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and s…☆422Dec 28, 2024Updated last year
- An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)☆127Jul 14, 2024Updated last year
- ☆40Nov 29, 2024Updated last year
- CLI to prevent malicious Terraform Providers from being executed. You can define the allow list of Terraform Providers and their versions…☆88Updated this week
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments☆142Jan 2, 2025Updated last year
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The …☆289Feb 5, 2024Updated 2 years ago
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur…☆174Feb 22, 2026Updated 2 weeks ago
- Awesome secure by default libraries to help you eliminate bug classes!☆700Dec 6, 2025Updated 3 months ago
- ☆18Jul 30, 2024Updated last year
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…☆113Nov 13, 2024Updated last year
- This repo contains IOC, malware and malware analysis associated with Public cloud☆249Nov 11, 2024Updated last year
- A PoC to Simulate Ransomware Attack on AWS Environment☆33Oct 14, 2024Updated last year
- EKS NG AMI Updater is an open source project that can be used to update kubernetes node group images.☆28Updated this week
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).☆89Jan 28, 2024Updated 2 years ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆118Mar 3, 2026Updated last week
- HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt…☆17Jun 11, 2024Updated last year
- GCP GOAT is the vulnerable application for learn the GCP Security☆71May 20, 2025Updated 9 months ago
- Blogpost series showcasing interesting cloud - web app security bugs☆48Jun 13, 2023Updated 2 years ago
- K8s Network Policy Migrator is a tool to migrate Calico or Cilium custom network policies to Kubernetes native network policy. The tool o…☆32Aug 29, 2023Updated 2 years ago
- CONVEX is a group of CTFs that are independently deployable into participant Azure environments.☆140May 16, 2022Updated 3 years ago