trustoncloud / threatmodel-for-aws-s3View external linksLinks
Threat model for Amazon S3 - Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach
☆157Oct 2, 2023Updated 2 years ago
Alternatives and similar repositories for threatmodel-for-aws-s3
Users that are interested in threatmodel-for-aws-s3 are comparing it to the libraries listed below
Sorting:
- Threat model for Azure Storage - Library of all the attack scenarios on Azure Storage, and how to mitigate them following a risk-based ap…☆59Jun 11, 2023Updated 2 years ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆101Jan 12, 2024Updated 2 years ago
- Fun tools around the EBS Direct API☆19Apr 16, 2021Updated 4 years ago
- Unauthenticated enumeration of AWS, Azure, and GCP Principals☆282Nov 27, 2025Updated 2 months ago
- Supporting material for the "Hunting Bugs In The Tropics" DEFCON 30 talk☆10Aug 18, 2022Updated 3 years ago
- ☆30Jan 13, 2026Updated last month
- ☆16Jul 17, 2024Updated last year
- A simple threat modeling tool to help humans to reduce time-to-value when threat modeling☆668Feb 7, 2026Updated last week
- ☆46Nov 7, 2024Updated last year
- OWASP Domain Protect - prevent subdomain takeover☆398Dec 23, 2024Updated last year
- 🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is k…☆389Apr 3, 2024Updated last year
- ☆1,049Aug 22, 2025Updated 5 months ago
- Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.☆270Updated this week
- This repo has been replaced by https://www.cloudvulndb.org☆727Jun 29, 2022Updated 3 years ago
- Whois for the Cloud: Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.☆183Oct 9, 2025Updated 4 months ago
- Red Team Automation tool powered by go and terraform☆33May 26, 2021Updated 4 years ago
- A MITRE ATT&CK Navigator export for AWS GuardDuty Findings☆139Jul 23, 2021Updated 4 years ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF☆59Sep 20, 2023Updated 2 years ago
- ☆18Jul 3, 2020Updated 5 years ago
- AWSATT&CK adds MITRE ATT&CK context and additional logging capabilities to Rhino Security Labs's open-source AWS exploitation framework, …☆45Mar 5, 2021Updated 4 years ago
- List of known AWS accounts☆252Feb 6, 2026Updated last week
- A collection of documented and undocumented AWS API models☆53Nov 21, 2025Updated 2 months ago
- Blogpost series showcasing interesting cloud - web app security bugs☆49Jun 13, 2023Updated 2 years ago
- Crowdsourced list of sensitive IAM Actions☆159Oct 29, 2024Updated last year
- Automated Attack Simulation in the Cloud, complete with detection use cases.☆602Nov 28, 2024Updated last year
- A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure☆754Oct 14, 2023Updated 2 years ago
- Search exposed EBS volumes for secrets☆302Apr 24, 2023Updated 2 years ago
- ☆269Jan 14, 2026Updated last month
- AWS SSO serverless phishing API.☆32Jun 30, 2021Updated 4 years ago
- Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frame…☆224Aug 11, 2023Updated 2 years ago
- An AWS tool to help you create a point in time assessment of your AWS account using Prowler.☆590Nov 12, 2025Updated 3 months ago
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules.☆339Feb 8, 2026Updated last week
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.☆647Nov 21, 2019Updated 6 years ago
- Cloud Templates and scripts to deploy mordor environments☆129Mar 3, 2021Updated 4 years ago
- AWS Security Analytics Bootstrap enables customers to perform security investigations on AWS service logs by providing an Amazon Athena a…☆270Updated this week
- Playing around with Stratus Red Team (Cloud Attack simulation tool) and SumoLogic☆308Jan 6, 2023Updated 3 years ago
- Modron - Cloud security compliance☆34Dec 11, 2024Updated last year
- Simulates a compromise in a cloud and container environment☆33Dec 18, 2024Updated last year
- An implementation of infrastructure-as-code scanning using dynamic tooling.☆56Jan 18, 2022Updated 4 years ago