nianticlabs / modron

Related projects: ⓘ

• ncc-erik-steringer / Aerides
  An implementation of infrastructure-as-code scanning using dynamic tooling.
  ☆56Updated 2 years ago
• Rezonate-io / github-oidc-checker
  Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts
  ☆56Updated last year
• wiz-sec-public / namespacehound
  NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.
  ☆56Updated 6 months ago
• wiz-sec-public / peach-framework
  PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use…
  ☆65Updated last year
• DuneGroup / ice-axe
  ☆21Updated this week
• crypsisgroup / ebs-direct-sec-tools
  Fun tools around the EBS Direct API
  ☆17Updated 3 years ago
• jdyke / gcp-iam-analyzer
  Compares and analyzes GCP IAM roles.
  ☆76Updated 3 months ago
• nccgroup / insject
  insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.
  ☆49Updated 2 years ago
• somethingnew2-0 / SimpleCSPM
  GCP CSPM using Google Sheets
  ☆33Updated 3 months ago
• carta / krang
  Knowledge Report Alert & Normalization Generator
  ☆27Updated 6 months ago
• trufflesecurity / WhoAmISlack
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆38Updated 9 months ago
• gyrospectre / squyre
  Security Alert Decoration
  ☆25Updated 4 months ago
• abhisek / supply-chain-security-gateway
  Reference architecture and proof of concept implementation for supply chain security gateway
  ☆23Updated last year
• DataDog / workload-security-evaluator
  Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management.
  ☆29Updated 5 months ago
• runreveal / sigmalite
  ☆12Updated 2 weeks ago
• Permiso-io-tools / LogLicker
  Tool for obfuscating and deobfuscating data.
  ☆60Updated 5 months ago
• kpolley / slackurity
  Slack bot which promotes Defense in Depth/Zero Trust security practices
  ☆24Updated last year
• shellcromancer / audit-log-wall-of-shame
  Audit log wall of shame.
  ☆41Updated 2 months ago
• allisonis / gcp-iam-sentinel-examples
  ☆28Updated 4 years ago
• stephenbradshaw / aws_url_signer
  POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF
  ☆57Updated last year
• RhinoSecurityLabs / dsnap
  Utility for downloading and mounting EBS snapshots using the EBS Direct API's
  ☆72Updated last year
• steeve85 / tfviz
  Visualize your Terraform files
  ☆34Updated 4 years ago
• twistlock / lambda-persistency-poc
  PoC for gaining persistency on vulnerable Lambdas
  ☆30Updated 3 years ago
• ramimac / breach-list-database
  A meta-database collecting resources that compile lists of breaches
  ☆17Updated 5 months ago
• RichardoC / gitlab-secrets
  This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting…
  ☆38Updated last month
• heroku / bheu19-attacking-cloud-builds
  Slides, Cheatsheet and Resources from our Blackhat EU talk
  ☆38Updated 4 years ago
• sebastian-mora / awsssome_phish
  AWS SSO serverless phishing API.
  ☆29Updated 3 years ago
• hotnops / AWSRoleJuggler
  A toolset to juggle AWS roles for persistent access
  ☆47Updated last month
• Frichetten / aws_api_shapeshifter
  A small library to alter AWS API requests; Used for fuzzing research
  ☆21Updated 10 months ago
• krisnova / kush
  Kubernetes Unhinged Shell 😎
  ☆46Updated last year