offensive-terraform / terraform-aws-ebs-snapshot-publicly-exposed
Offensive Terraform module which copies publicly exposed EBS snapshot to us-east-1 region in attacker's AWS account and creates EBS volume from the copied EBS snapshot. After that, the module attaches and mounts the EBS volume to an EC2 instance. Finally, attacker can ssh into an EC2 instance and inspect a mounted volume "/usr/src/hack".
☆15Updated 4 years ago
Alternatives and similar repositories for terraform-aws-ebs-snapshot-publicly-exposed
Users that are interested in terraform-aws-ebs-snapshot-publicly-exposed are comparing it to the libraries listed below
Sorting:
- Offensive Terraform module which creates EC2 instance and reverse shell from an EC2 instance to attacker machine.☆17Updated 4 years ago
- AWS SSO serverless phishing API.☆32Updated 3 years ago
- A combined list of helpful awscli commands from Scott Piper's flaws.cloud exercise as well as from Beau Bullock's Breaching the Cloud Tra…☆19Updated 4 years ago
- Updated incident response generator for training classes☆44Updated 3 years ago
- Kubernetes Security Testing Guide☆26Updated last year
- An AWS Lambda vulnerable application written in flask.☆48Updated 7 years ago
- Pivot into private VPC networks using a VPN connection☆42Updated 5 years ago
- Research on the enumeration of IAM permissions without logging to CloudTrail☆61Updated 3 years ago
- Jekyll Files for cloudsecwiki.com☆50Updated 3 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆134Updated 5 years ago
- GCP GOAT is the vulnerable application for learn the GCP Security☆64Updated last year
- Route53/CloudFront Vulnerability Assessment Utility☆85Updated last year
- This repository maintains some of the scripts made by Ebryx DevSecOps team.☆12Updated 2 years ago
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆76Updated 3 years ago
- Salesforce Policy Deviation Checker☆30Updated 4 years ago
- Serverless Workshop☆16Updated 2 years ago
- ☆29Updated 8 years ago
- A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations.☆38Updated 6 years ago
- 🖇️ STRIDE vs. ASVS equivalence table☆76Updated 8 months ago
- Orchestron is an Application Vulnerability Management and Correlation Tool.Orchestron helps you solve one key problem "Find and fix vulne…☆31Updated 2 years ago
- ☆36Updated 4 years ago
- Presentations, training modules, and other education materials from Duo Security's Application Security team.☆73Updated 3 years ago
- Semgrep rules corresponding to the OWASP ASVS standard☆27Updated 4 years ago
- Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters☆14Updated 5 years ago
- Interactive IPython Notebook to demonstrate OWASP ZAP's API and Scripting Functions - OWASP ZAP 2.8.0☆41Updated 2 years ago
- AWS Extender CLI is a command-line script to test S3 buckets as well as Google Storage buckets and Azure Storage containers for common mi…☆83Updated 5 years ago
- Tools to automate AWS Cloud security assessments☆24Updated 5 years ago
- This is a set of tips and reminders for pentesting processes and scripts/programs. Initially for personal use, but if anyone else finds t…☆52Updated 5 years ago
- ☆27Updated 6 months ago
- Assess certain AWS network configurations☆12Updated 6 years ago