This is an offensive guide to securing AWS infrastructures. The hope is that by knowing how to take advantage of various types of AWS weaknesses you will be verse enough to provide the correct countermeasures.
☆174Mar 1, 2019Updated 7 years ago
Alternatives and similar repositories for guide-aws-hacking
Users that are interested in guide-aws-hacking are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Repository for all the workshop content delivered at nullcon X on 1st of March 2019☆80Apr 4, 2019Updated 7 years ago
- Burp extension to generate multi-step CSRF POC.☆31Sep 23, 2019Updated 6 years ago
- An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share th…☆14Feb 16, 2021Updated 5 years ago
- A very vulnerable serverless application in AWS Lambda☆98Oct 7, 2019Updated 6 years ago
- A utility to convert your AWS CLI credentials into AWS console access.☆259May 7, 2020Updated 5 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Cloudformation Template and Lambda to detect if Instance Profile credentials are being used outside your AWS Account.☆29Aug 18, 2019Updated 6 years ago
- The Open-Source AWS Cyber Range☆494Aug 16, 2020Updated 5 years ago
- A collection of AWS penetration testing junk☆1,224Aug 30, 2023Updated 2 years ago
- A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __…☆12Jun 29, 2015Updated 10 years ago
- ☆263Jun 28, 2024Updated last year
- Deliberately vulnerable AWS resources for security assessment demos☆32Aug 20, 2022Updated 3 years ago
- Opsec considerations for each AWS GuardDuty finding type.☆24Oct 29, 2020Updated 5 years ago
- AWS CloudTrail CloudFormation template which creates KMS encryption keys, an encrypted S3 bucket, and enables CloudTrail☆14May 26, 2024Updated last year
- Configure AWS accounts for CloudTrail, Root Account Usage Monitor.☆13Aug 24, 2015Updated 10 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- TSLint rules for Angular☆18Nov 30, 2018Updated 7 years ago
- Welcome to OpenDevSecOps! Our mission is to deliver highly-resilient, readily-available and free defensive and offensive devops security …☆21Jan 29, 2019Updated 7 years ago
- A powerful target reconnaissance framework powered by graph theory.☆420Oct 21, 2022Updated 3 years ago
- Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities☆136Dec 8, 2022Updated 3 years ago
- A list of questions that can be asked during an interview for a cloud architect position.☆11Nov 27, 2021Updated 4 years ago
- Resource types that can be publicly exposed on AWS☆331Feb 23, 2022Updated 4 years ago
- CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool☆3,535Updated this week
- Packer and vagrant scripts to automate building Windows and Linux machines on vCenter☆17Jul 7, 2019Updated 6 years ago
- ThreadsApp is a web application built with a purpose of helping people learn web application security.☆17Nov 22, 2024Updated last year
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
- Watch CloudTrail and send notifications of every action to an slack channel.☆13Jun 15, 2018Updated 7 years ago
- Proof-of-Concept exploit of CVE-2018-19131: Squid Proxy XSS via X.509 Certificate☆19Nov 14, 2018Updated 7 years ago
- C# port of LogServiceCrash☆46Oct 7, 2020Updated 5 years ago
- Pown.js is a security testing an exploitation toolkit built on top of Node.js and NPM.☆262Apr 7, 2023Updated 3 years ago
- Store the ATD/openapi/protobuf/... interfaces between semgrep components☆18Mar 31, 2026Updated last week
- OWASP Foundation Web Respository☆37Oct 3, 2025Updated 6 months ago
- The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.☆5,128Mar 30, 2026Updated last week
- ☆20Jan 12, 2022Updated 4 years ago
- A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.☆926Jul 25, 2019Updated 6 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- An AWS Lambda vulnerable application written in flask.☆49Oct 9, 2017Updated 8 years ago
- AWSATT&CK adds MITRE ATT&CK context and additional logging capabilities to Rhino Security Labs's open-source AWS exploitation framework, …☆45Mar 5, 2021Updated 5 years ago
- Pown Proxy is a versatile web application security testing proxy with cool TUI features.☆60May 16, 2019Updated 6 years ago
- Blazing CloudTrail since 2018☆138Jan 27, 2019Updated 7 years ago
- Defending IaaS with ATT&CK is a project to create a collection of ATT&CK techniques relevant to a Linux IaaS environment, as well as a me…☆14May 28, 2025Updated 10 months ago
- AWS Cloudtrail event alerting lambda function. Send alerts to Slack, Email, or SNS.☆20Apr 13, 2023Updated 2 years ago
- Manage GuardDuty At Enterprise Scale☆22Sep 17, 2020Updated 5 years ago