nianticlabs / modron
Modron - Cloud security compliance
☆32Updated 10 months ago
Related projects: ⓘ
- An implementation of infrastructure-as-code scanning using dynamic tooling.☆56Updated 2 years ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆56Updated last year
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆56Updated 6 months ago
- PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use…☆65Updated last year
- ☆21Updated this week
- Fun tools around the EBS Direct API☆17Updated 3 years ago
- Compares and analyzes GCP IAM roles.☆76Updated 3 months ago
- insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.☆49Updated 2 years ago
- GCP CSPM using Google Sheets☆33Updated 3 months ago
- Knowledge Report Alert & Normalization Generator☆27Updated 6 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆38Updated 9 months ago
- Security Alert Decoration☆25Updated 4 months ago
- Reference architecture and proof of concept implementation for supply chain security gateway☆23Updated last year
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management.☆29Updated 5 months ago
- ☆12Updated 2 weeks ago
- Tool for obfuscating and deobfuscating data.☆60Updated 5 months ago
- Slack bot which promotes Defense in Depth/Zero Trust security practices☆24Updated last year
- Audit log wall of shame.☆41Updated 2 months ago
- ☆28Updated 4 years ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆57Updated last year
- Utility for downloading and mounting EBS snapshots using the EBS Direct API's☆72Updated last year
- Visualize your Terraform files☆34Updated 4 years ago
- PoC for gaining persistency on vulnerable Lambdas☆30Updated 3 years ago
- A meta-database collecting resources that compile lists of breaches☆17Updated 5 months ago
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting…☆38Updated last month
- Slides, Cheatsheet and Resources from our Blackhat EU talk☆38Updated 4 years ago
- AWS SSO serverless phishing API.☆29Updated 3 years ago
- A toolset to juggle AWS roles for persistent access☆47Updated last month
- A small library to alter AWS API requests; Used for fuzzing research☆21Updated 10 months ago
- Kubernetes Unhinged Shell 😎☆46Updated last year