Offensive Terraform module which copies publicly exposed EBS snapshot to us-east-1 region in attacker's AWS account and creates EBS volume from the copied EBS snapshot. After that, the module attaches and mounts the EBS volume to an EC2 instance. Finally, attacker can ssh into an EC2 instance and inspect a mounted volume "/usr/src/hack".
☆14Sep 18, 2020Updated 5 years ago
Alternatives and similar repositories for terraform-aws-ebs-snapshot-publicly-exposed
Users that are interested in terraform-aws-ebs-snapshot-publicly-exposed are comparing it to the libraries listed below
Sorting:
- Offensive Terraform module which creates EC2 instance and reverse shell from an EC2 instance to attacker machine.☆16Sep 19, 2020Updated 5 years ago
- ☆11Apr 10, 2021Updated 4 years ago
- Offensive Terraform module which creates an IAM role with trust relationship with attacker's AWS account and attaches managed IAM Policy …☆12Sep 18, 2020Updated 5 years ago
- Short deep dive into Threat Hunting on AWS☆17Oct 15, 2023Updated 2 years ago
- ☆16Dec 8, 2022Updated 3 years ago
- An industrial strength, best practice reference architecture showing how to prevent credential sprawl with Vault on AWS☆18Jun 18, 2017Updated 8 years ago
- Offensive Terraform module which creates Kali Linux from the AWS marketplace and installs cloud security tools (Pacu, Cloudsplaining, Sco…☆19Sep 27, 2020Updated 5 years ago
- A collection of 2020 artifacts describing the major pain points, vulnerabilities and concerns with Cloud Security.☆20Jan 24, 2021Updated 5 years ago
- PoC shadow SaaS and insecure credential detection system using a browser extension.☆42Feb 8, 2026Updated last month
- boostsecurityio/bagel☆79Feb 12, 2026Updated 3 weeks ago
- The best way to learn Frida, is practicing. This is an example of scripts to use in a practical workshop.☆28Jun 13, 2017Updated 8 years ago
- ☆101Feb 2, 2026Updated last month
- Card Payments Simulation Tool For Indie Devs : Core Card Switch Engine, Fraud Engine, ATM/POS GUI Simulator , Admin Dash (Real-time MSG …☆19Jun 15, 2025Updated 8 months ago
- Grouper Python Client Library☆10Apr 18, 2023Updated 2 years ago
- A comprehensive framework for analyzing and defending against attacks targeting Software Development Life Cycle Infrastructure.☆128Updated this week
- Convert Confluence MIME exports (.doc) to clean Markdown☆36Jan 13, 2026Updated last month
- A Docker-based development stack for Bedrock WordPress multisite, optimized for local development, source control, and CI/CD integration.☆14Jun 26, 2025Updated 8 months ago
- A Collection of Awesome Vibe Coding Tools☆23Apr 19, 2025Updated 10 months ago
- Example Material for SecureState's 2016 Python for Pentesters Webinar☆10Dec 13, 2016Updated 9 years ago
- Bash-based recon automation script that orchestrates tools like Nmap, Dirsearch (Python), and crt.sh to perform port scanning, directory …☆15Jul 22, 2025Updated 7 months ago
- A repo of fake committed secrets to test tools that find committed secrets ([dont submit for BB :-) ]☆10Mar 22, 2018Updated 7 years ago
- A very basic app written in Javascript and packaged as a Docker image to be used as a demo when testing clustered deployments in ECS/EKS.☆11Jun 30, 2023Updated 2 years ago
- Files for the Defcon Toronto Introduction to 64-bit Linux Exploitation☆15Feb 23, 2018Updated 8 years ago
- Holds and organizes all past, present, and future presentations at the meetup☆41Jul 15, 2020Updated 5 years ago
- Python Certificate Transparency client☆11Feb 8, 2015Updated 11 years ago
- AWS security training tasks for your first projects☆12Nov 4, 2024Updated last year
- A repository of remark/rehype, Zod, Astro plugins and more☆18Feb 21, 2026Updated 2 weeks ago
- Converts burp's sitemap to sulley's fuzzing script☆11Aug 30, 2015Updated 10 years ago
- Threat Modeling with ATT&CK defines how to integreate MITRE ATT&CK® into your organization’s existing threat modeling methodology.☆12May 28, 2025Updated 9 months ago
- windows-operating-system-archaeology @Enigma0x3 @subTee☆49Apr 22, 2017Updated 8 years ago
- OAuch is an open-source security best practices and threats analyzer for OAuth 2.0 authorization server implementations☆13Sep 4, 2025Updated 6 months ago
- ☆17Aug 16, 2023Updated 2 years ago
- Some quines in the Go programming language☆15Mar 8, 2023Updated 3 years ago
- Cyber Security Resources☆10Jan 25, 2024Updated 2 years ago
- Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev☆10May 19, 2025Updated 9 months ago
- Python script to create simple posters, using simple phrases and background images.☆11Mar 19, 2015Updated 10 years ago
- Node bindings for Castle☆13Jan 26, 2026Updated last month
- Automatically distribute GitHub Actions workflow across repositories.☆12Mar 1, 2026Updated last week
- Application Security Vulnerability Periodic Table☆14Aug 25, 2014Updated 11 years ago