offensive-terraform / terraform-aws-ebs-snapshot-publicly-exposedLinks
Offensive Terraform module which copies publicly exposed EBS snapshot to us-east-1 region in attacker's AWS account and creates EBS volume from the copied EBS snapshot. After that, the module attaches and mounts the EBS volume to an EC2 instance. Finally, attacker can ssh into an EC2 instance and inspect a mounted volume "/usr/src/hack".
☆15Updated 5 years ago
Alternatives and similar repositories for terraform-aws-ebs-snapshot-publicly-exposed
Users that are interested in terraform-aws-ebs-snapshot-publicly-exposed are comparing it to the libraries listed below
Sorting:
- Presentations, training modules, and other education materials from Duo Security's Application Security team.☆77Updated 4 years ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.☆134Updated 5 years ago
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆78Updated 3 years ago
- 🖇️ equivalence table between OWASP ASVS standard and STRIDE threat modeling methodology.☆75Updated last year
- Kubernetes Security Testing Guide☆26Updated last year
- Pentester-focused Docker registry tool to enumerate and pull images☆112Updated 5 years ago
- Research on the enumeration of IAM permissions without logging to CloudTrail☆61Updated 4 years ago
- ☆69Updated 5 months ago
- GCP GOAT is the vulnerable application for learn the GCP Security☆70Updated 7 months ago
- Updated incident response generator for training classes☆44Updated 4 years ago
- A combined list of helpful awscli commands from Scott Piper's flaws.cloud exercise as well as from Beau Bullock's Breaching the Cloud Tra…☆19Updated 4 years ago
- This repo gives an overview of some GCP metadata API attack and defend patterns☆77Updated 5 years ago
- The Open Security Summit is focused on the collaboration between, Developers and Application Security☆45Updated 5 months ago
- Scan your EC2 instance to find its vulnerabilities using Vuls (https://vuls.io/en/)☆89Updated 3 years ago
- Salesforce Policy Deviation Checker☆30Updated 5 years ago
- Kubernetes Pwnage for all☆56Updated 5 years ago
- An AWS Lambda vulnerable application written in flask.☆49Updated 8 years ago
- Assorted tools for security-related task for git repositories☆58Updated 3 years ago
- Route53/CloudFront Vulnerability Assessment Utility☆87Updated 2 years ago
- Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.☆76Updated 5 years ago
- ☆21Updated 7 years ago
- ☆57Updated 5 years ago
- A simple file-based scanner to look for potential AWS access and secret keys in files☆93Updated last year
- AWS SSO serverless phishing API.☆32Updated 4 years ago
- A curated list of security tools for Hackers & Builders!☆99Updated last year
- ☆10Updated 3 years ago
- IAMFinder enumerates and finds users and IAM roles in a target AWS account.☆111Updated 5 years ago
- ☆68Updated 8 years ago
- Hayat is a script for report and analyze Google Cloud Platform resources.☆81Updated 5 years ago
- Semgrep rules corresponding to the OWASP ASVS standard☆27Updated 5 years ago