nemo-wq / privilege_escalation
Lab exercises to practice privilege escalation scenarios in AWS IAM. These exercises and the slides go through the basics behind AWS IAM, common weaknesses in AWS deployments, specific to IAM, and how to exploit them manually. This was run as a workshop at BruCon 2019.
☆16Updated 5 years ago
Alternatives and similar repositories for privilege_escalation:
Users that are interested in privilege_escalation are comparing it to the libraries listed below
- This is a Burpsuite plugin built to enable you to import your directory bruteforcing results into burp for easy viewing later. This is an…☆36Updated last year
- Pivot into private VPC networks using a VPN connection☆41Updated 5 years ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆31Updated 7 years ago
- Scripts and tools for AWS Pentest☆51Updated 4 years ago
- Nmap NSE script to detect Pulse Secure SSL VPN file disclosure CVE-2019-11510☆18Updated 5 years ago
- AWS S3 Bucket/Object Finder☆25Updated 7 years ago
- Slides of the talk on Injection attacks in apps with NoSQL Backends, given at null OWASP Bangalore monthly meet on 27th April 2019☆22Updated 5 years ago
- LetMeOutOfYour.net Resources☆20Updated 4 years ago
- Scripts for OSCE☆18Updated 6 years ago
- Script to parse multiple Nmap .gnmap exports into various plain-text formats for easy analysis.☆23Updated 10 years ago
- ☆38Updated 4 years ago
- Collaborative web dashboard for RedTeam pentesters☆21Updated 5 years ago
- An enumeration and exploitation toolkit using RFC calls to SAP☆37Updated 5 years ago
- A central place to keep track of relevant BountyMachine talks, blogs, and interesting things!☆33Updated 6 years ago
- Pythonize Intruder Payload☆13Updated 4 years ago
- A collection of OSCE preparation resources.☆24Updated 5 years ago
- Yet another open S3 bucket finder☆20Updated 6 years ago
- ☆20Updated 5 years ago
- Burp Suite Importer - Connect to multiple web servers while populating the sitemap.☆48Updated 4 years ago
- A Pythonic wrapper to MassDNS☆24Updated 6 years ago
- ☆28Updated 8 years ago
- A simple grep user interface for searching code which can be used for SAST.☆8Updated 5 years ago
- ☆34Updated 4 years ago
- Zone transfers for rwhois☆20Updated 5 years ago
- An AWS Lambda vulnerable application written in flask.☆48Updated 7 years ago
- Collection of different exploitation scenarios of JWT.☆21Updated 3 years ago
- This repo will contain slides and information from the Attacking Active Directory Hacking Series talks presented at SecKC.☆32Updated 7 months ago
- Report and finding templates used by the Serpico reporting tool☆16Updated 6 years ago
- Alphanumeric Encoder☆25Updated 6 years ago
- The project is called GreatSCT (Great Scott). GreatSCT is an open source project to generate application white list bypasses. This tool i…☆29Updated 6 years ago