nemo-wq / privilege_escalation
Lab exercises for practicing privilege escalation scenarios in AWS IAM. The exercises and slides cover the basics of AWS IAM, common IAM-specific weaknesses in AWS deployments, and how to exploit them manually. This was run as a workshop at BruCon 2019.
☆16 Updated 5 years ago
Related projects
Alternatives and complementary repositories for privilege_escalation
- Slides of the talk on injection attacks in apps with NoSQL backends, given at the null OWASP Bangalore monthly meet on 27th April 2019 ☆22 Updated 5 years ago
- A Burp Suite content discovery plugin that adds the smart into the Buster! ☆31 Updated 6 years ago
- This is a Burp Suite plugin built to enable you to import your directory bruteforcing results into Burp for easy viewing later. This is an… ☆36 Updated last year
- Collection of different exploitation scenarios of JWT. ☆21 Updated 3 years ago
- Dummy shopping site for whitebox pentesting ☆9 Updated 2 years ago
- Pivot into private VPC networks using a VPN connection ☆41 Updated 5 years ago
- View screenshots as a slideshow over HTTP ☆15 Updated 4 years ago
- Nmap NSE script to detect Pulse Secure SSL VPN file disclosure CVE-2019-11510 ☆18 Updated 5 years ago
- A simple grep user interface for searching code which can be used for SAST. ☆8 Updated 5 years ago
- A central place to keep track of relevant BountyMachine talks, blogs, and interesting things! ☆33 Updated 6 years ago
- Bug Bounty Clipboard ☆17 Updated 5 years ago
- Take a list of URIs and print all of the paths ☆10 Updated 4 years ago
- String or wordlist encoder for use in fuzzing or web application testing ☆17 Updated 5 years ago
- A multi-threaded scanner that helps identify CORS flaws/misconfigurations ☆18 Updated 5 years ago
- A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations. ☆37 Updated 6 years ago
- A collection of OSCE preparation resources. ☆23 Updated 5 years ago
- Scan and import relevant requests directly to Burp! ☆9 Updated 5 years ago
- Terraform configuration to build a Burp Private Collaborator Server ☆25 Updated 7 years ago
- Python tool for expired domain discovery in crossdomain.xml files ☆22 Updated 7 years ago
- An enumeration and exploitation toolkit using RFC calls to SAP ☆36 Updated 4 years ago
- Scripts that I've written that others may find useful ☆14 Updated 2 years ago
- A Python tool used to scan for open redirection vulnerabilities ☆19 Updated 6 years ago
- The project is called GreatSCT (Great Scott). GreatSCT is an open source project to generate application white list bypasses. This tool i… ☆28 Updated 6 years ago
- A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain. ☆26 Updated 5 years ago