piercing-index / cloud-vulnerabilities
☆37Updated 7 months ago
Related projects ⓘ
Alternatives and complementary repositories for cloud-vulnerabilities
- A PoC to Simulate Ransomware Attack on AWS Environment☆27Updated last month
- ☆18Updated 2 years ago
- HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt…☆16Updated 5 months ago
- Azure Activity Log Axe is a continually developing tool that simplifies the transactional log format provided by Microsoft. The tool leve…☆22Updated 2 months ago
- ☆33Updated last week
- CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.☆27Updated 2 years ago
- InfoSec OpenAI Examples☆19Updated 11 months ago
- GCP GOAT is the vulnerable application for learn the GCP Security☆62Updated last year
- The Event Maturity Matrix (EMM) is a comprehensive framework that provides clarity regarding the capabilities and nuances of SaaS audit l…☆17Updated 2 months ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering.☆62Updated 6 months ago
- This repository contains the research and components of our research into using Sigma for AWS Incident Response.☆25Updated last year
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we…☆51Updated last year
- A public cloud security knowledgebase - https://www.secwiki.cloud/☆49Updated last week
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆84Updated 10 months ago
- ☆40Updated 5 months ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆57Updated last year
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting…☆39Updated 3 months ago
- A set of AWS resources for testing the Log4Shell vulnerability, deployable with terraform☆12Updated 2 years ago
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs☆36Updated last month
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆58Updated last year
- Enriching the NVD CVSS scores to include Temporal & Threat Metrics☆61Updated this week
- Blogpost series showcasing interesting cloud - web app security bugs☆46Updated last year
- Defending IaaS with ATT&CK is a project to create a collection of ATT&CK techniques relevant to a Linux IaaS environment, as well as a me…☆13Updated 8 months ago
- Determine privileges from cloud credentials via brute-force testing.☆64Updated 2 months ago
- ThreatModel for Azure Storage - Library of all the attack scenarios on Azure Storage, and how to mitigate them following a risk-based app…☆57Updated last year
- Virtual Security Operations Center☆49Updated last year
- ☆29Updated last month
- ☆14Updated last year
- 🖇️ STRIDE vs. ASVS equivalence table☆75Updated 2 months ago