nemo-wq / privilege_escalation
Lab exercises to practice privilege escalation scenarios in AWS IAM. These exercises and the slides go through the basics behind AWS IAM, common weaknesses in AWS deployments, specific to IAM, and how to exploit them manually. This was run as a workshop at BruCon 2019.
☆16Updated 4 years ago
Related projects: ⓘ
- Pivot into private VPC networks using a VPN connection☆40Updated 4 years ago
- Slides of the talk on Injection attacks in apps with NoSQL Backends, given at null OWASP Bangalore monthly meet on 27th April 2019☆22Updated 5 years ago
- ☆23Updated this week
- A Burp Suite content discovery plugin that add the smart into the Buster!☆31Updated 6 years ago
- ☆11Updated this week
- A collection of OSCE preparation resources.☆23Updated 4 years ago
- ☆10Updated this week
- This is a Burpsuite plugin built to enable you to import your directory bruteforcing results into burp for easy viewing later. This is an…☆35Updated last year
- ☆35Updated 4 years ago
- A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations.☆37Updated 6 years ago
- ☆24Updated this week
- Yet another open S3 bucket finder☆19Updated 6 years ago
- Collection of different exploitation scenarios of JWT.☆21Updated 3 years ago
- Kubernetes Scanner☆41Updated 2 years ago
- A Burp Extender plugin that will allow you to tamper with requests containing compressed, serialized java objects.☆24Updated 5 years ago
- Scripts for OSCE☆18Updated 5 years ago
- Nmap NSE script to detect Pulse Secure SSL VPN file disclosure CVE-2019-11510☆18Updated 5 years ago
- A Pythonic wrapper to MassDNS☆23Updated 6 years ago
- ☆31Updated 5 years ago
- Pythonize Intruder Payload☆13Updated 3 years ago
- Scripts and tools for AWS Pentest☆51Updated 3 years ago
- ☆14Updated 4 years ago
- Journey to conquer the OSCP!☆13Updated 5 years ago
- ☆34Updated this week
- ☆33Updated 4 years ago
- A simple grep user interface for searching code which can be used for SAST.☆8Updated 5 years ago
- Report and finding templates used by the Serpico reporting tool☆15Updated 5 years ago
- ☆10Updated this week
- A multi-threaded scanner that helps identify CORS flaws/misconfigurations☆18Updated 4 years ago
- Quick WAF "paranoid" Doctor Evaluation | WAFPARAN01D3 Tool☆25Updated 2 years ago