nemo-wq / privilege_escalation
Lab exercises to practice privilege escalation scenarios in AWS IAM. These exercises and the slides go through the basics behind AWS IAM, common weaknesses in AWS deployments, specific to IAM, and how to exploit them manually. This was run as a workshop at BruCon 2019.
☆16Updated 5 years ago
Alternatives and similar repositories for privilege_escalation:
Users that are interested in privilege_escalation are comparing it to the libraries listed below
- Slides of the talk on Injection attacks in apps with NoSQL Backends, given at null OWASP Bangalore monthly meet on 27th April 2019☆22Updated 5 years ago
- Collection of different exploitation scenarios of JWT.☆21Updated 3 years ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆31Updated 7 years ago
- ☆38Updated 4 years ago
- Scripts for OSCE☆18Updated 6 years ago
- Nmap NSE script to detect Pulse Secure SSL VPN file disclosure CVE-2019-11510☆18Updated 5 years ago
- This is a Burpsuite plugin built to enable you to import your directory bruteforcing results into burp for easy viewing later. This is an…☆36Updated 2 years ago
- A Pythonic wrapper to MassDNS☆24Updated 7 years ago
- A simple grep user interface for searching code which can be used for SAST.☆8Updated 5 years ago
- A Burp Extender plugin that will allow you to tamper with requests containing compressed, serialized java objects.☆24Updated 6 years ago
- ☆10Updated 6 years ago
- dankAlerts is powered by Sysmon and Memes. Would you notice if a suspicious process was recorded in the event log?☆18Updated 4 years ago
- LetMeOutOfYour.net Resources☆20Updated 4 years ago
- This repo will contain slides and information from the Attacking Active Directory Hacking Series talks presented at SecKC.☆32Updated 9 months ago
- Yet another open S3 bucket finder☆20Updated 7 years ago
- AWS S3 Bucket/Object Finder☆25Updated 7 years ago
- CTF Writeups☆12Updated 2 years ago
- Pivot into private VPC networks using a VPN connection☆41Updated 5 years ago
- Python tool for expired domain discovery in crossdomain.xml files☆23Updated 8 years ago
- Updated 6 years ago
- Alphanumeric Encoder☆25Updated 6 years ago
- BurpSuite's payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JS…☆39Updated 4 years ago
- PHP tool to test XSS☆22Updated 5 years ago
- A collection of OSCE preparation resources.☆24Updated 5 years ago
- Insecure Deserialization, PDF and lab☆17Updated 5 years ago
- Journey to conquer the OSCP!☆13Updated 5 years ago
- A multi-threaded scanner that helps identify CORS flaws/misconfigurations☆19Updated 5 years ago
- Generate pentest reports based on github issues.☆17Updated 2 years ago
- Pythonize Intruder Payload☆13Updated 4 years ago
- Take a list of URIs and print all the of the paths☆10Updated 4 years ago