technologik / terraform_attack_automation
Automation associated with our talk: Attacking and Defending Infrastructure with Terraform
☆16Updated 2 years ago
Alternatives and similar repositories for terraform_attack_automation:
Users that are interested in terraform_attack_automation are comparing it to the libraries listed below
- GCP CSPM using Google Sheets☆34Updated 8 months ago
- Compares and analyzes GCP IAM roles.☆77Updated 8 months ago
- Audit log wall of shame.☆41Updated 4 months ago
- ☆14Updated 2 years ago
- Convert cloudtrail data to MITRE ATT&CK Sightings☆79Updated 2 years ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆60Updated last year
- Repository to archive GCP Documentation for local use☆15Updated last week
- ☆82Updated 5 years ago
- ☆47Updated 3 months ago
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.☆76Updated 2 years ago
- Updated incident response generator for training classes☆43Updated 3 years ago
- ☆63Updated 2 years ago
- ☆28Updated 4 years ago
- CloudSplaining on AWS Managed Policies☆41Updated this week
- 🖇️ STRIDE vs. ASVS equivalence table☆75Updated 5 months ago
- 'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.☆64Updated 5 years ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆82Updated last week
- Manage GuardDuty At Enterprise Scale☆22Updated 4 years ago
- Clean accounts over permissions in GCP infra at scale☆71Updated last year
- Knowledge Report Alert & Normalization Generator☆27Updated 11 months ago
- Harness the security superpowers of your cloud asset inventory☆11Updated 4 months ago
- Research on the enumeration of IAM permissions without logging to CloudTrail☆60Updated 3 years ago
- Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).☆141Updated 10 months ago
- Presentations, training modules, and other education materials from Duo Security's Application Security team.☆73Updated 3 years ago
- Deliberately vulnerable AWS resources for security assessment demos☆31Updated 2 years ago
- Detect publicly accessible Lambda Function URLs in your AWS account☆9Updated 2 years ago
- Generates runbooks for GuardDuty findings☆35Updated 7 months ago
- An implementation of infrastructure-as-code scanning using dynamic tooling.☆56Updated 3 years ago
- Coalfire AWS RAMP/pak Reference Architecture☆36Updated 5 months ago
- GCP Auto Remediation Suite for High Risk Events☆42Updated 3 years ago