netskopeoss / iaas_permission_mining
☆19Updated 11 months ago
Related projects: ⓘ
- GCP GOAT is the vulnerable application for learn the GCP Security☆61Updated 11 months ago
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆74Updated 2 years ago
- ☆133Updated last year
- Enriching the NVD CVSS scores to include Temporal & Threat Metrics☆56Updated this week
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆57Updated last year
- Docs: Vulnerability management aggregation of AppSec & OpSec (Tools Listing)☆30Updated last year
- Supplemental templates for securing the cloud.☆32Updated 6 months ago
- ☆35Updated 5 months ago
- ☆66Updated 4 months ago
- Virtual Security Operations Center☆49Updated last year
- GCP cloud security CTF☆41Updated 6 months ago
- Security Scanner based on CIS benchmark 1.1 inspired by Scout2☆52Updated last year
- Slackhound allows red and blue teams to perform fast reconnaissance on Slack workspaces/organizations to quickly search user profiles, lo…☆73Updated 7 months ago
- Opsec considerations for each AWS GuardDuty finding type.☆22Updated 3 years ago
- CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.☆28Updated 2 years ago
- An AWS Lambda vulnerable application written in flask.☆48Updated 6 years ago
- ☆58Updated last year
- Hayat is a script for report and analyze Google Cloud Platform resources.☆79Updated 4 years ago
- GCP CSPM using Google Sheets☆33Updated 3 months ago
- 🖇️ STRIDE vs. ASVS equivalence table☆74Updated 3 weeks ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆132Updated 4 years ago
- pocket guide for core detection engineering concepts☆27Updated last year
- Scans Slack for API tokens, credentials, passwords, and more using YARA rules☆37Updated 3 years ago
- Supporting material for my presentation "Adversarial Threat Modelling — A Practical Approach to Purple Teaming in the Enterprise"☆50Updated 2 years ago
- Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters☆13Updated 4 years ago
- Microsoft Azure Exploitation Framework☆53Updated 3 years ago
- A Docker container for remote penetration testing.☆132Updated 3 years ago
- A combined list of helpful awscli commands from Scott Piper's flaws.cloud exercise as well as from Beau Bullock's Breaching the Cloud Tra…☆18Updated 3 years ago
- ☆30Updated 4 years ago
- This application was built to help reduce the amount of time it takes to review AWS Lambda code.☆60Updated 3 months ago