twistlock / sa-hunter

Related projects: ⓘ

• raesene / eathar
  ☆24Updated 4 months ago
• wiz-sec-public / namespacehound
  NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.
  ☆56Updated 6 months ago
• praetorian-inc / snowcat
  a tool to audit the istio service mesh
  ☆173Updated 2 years ago
• nccgroup / insject
  insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.
  ☆49Updated 2 years ago
• Betep0k / CVE-2021-25741
  Exploit for CVE-2021-25741 vulnerability
  ☆28Updated 2 years ago
• raesene / container-security-site
  ☆90Updated 4 months ago
• nccgroup / kubetcd
  Post-exploit a compromised etcd, gain persistence and remote shell to nodes.
  ☆70Updated 4 months ago
• praetorian-inc / konstellation
  Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j.
  ☆19Updated last year
• tabbysable / POC-2020-8559
  Proof of Concept exploit for Kubernetes CVE-2020-8559
  ☆20Updated 4 years ago
• blackberry / Falco-bypasses
  Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).
  ☆78Updated 7 months ago
• twistlock / whoc
  A container image that exfiltrates the underlying container runtime to a remote server
  ☆126Updated last year
• tabbysable / POC-2020-8558
  Information about Kubernetes CVE-2020-8558, including proof of concept exploit.
  ☆42Updated 4 years ago
• danielsagi / kube-pod-escape
  Kubernetes POC for utilizing write mount to /var/log for getting a root on the host
  ☆89Updated 3 years ago
• knqyf263 / remic
  Vulnerability Scanner for Detecting Publicly Disclosed Vulnerabilities in Application Dependencies
  ☆23Updated 5 years ago
• 4ARMED / kubeletmein
  Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers.
  ☆159Updated 10 months ago
• danielsagi / kube-dnsspoof
  A POC for DNS spoofing in kubernetes clusters. Runs with minimum capabilities, on default installations of kuberentes.
  ☆74Updated 5 years ago
• lightspin-tech / lightspin-2022-top-7-attack-paths
  Based on Lightspin proprietary data, research, and our tracking of cloud security trends in the market, our research team has compiled a …
  ☆38Updated 2 years ago
• yasindce1998 / KubeDagger
  Kubernetes offensive framework built in eBPF
  ☆34Updated last year
• antitree / cmd_and_kubectl_demos
  ☆27Updated 2 months ago
• hotnops / AWSRoleJuggler
  A toolset to juggle AWS roles for persistent access
  ☆47Updated last month
• alexivkin / kubepwn
  Kubernetes Pwnage for all
  ☆54Updated 3 years ago
• twistlock / lambda-persistency-poc
  PoC for gaining persistency on vulnerable Lambdas
  ☆30Updated 3 years ago
• xfhg / intercept
  INTERCEPT / Policy as Code Auditing & Compliance
  ☆82Updated this week
• RichardoC / kube-audit-rest
  Kubernetes audit logging, when you don't control the control plane
  ☆64Updated this week
• raesene / teisteanas
  ☆20Updated 4 months ago
• hacking-kubernetes / hacking-kubernetes.info
  book website
  ☆66Updated 2 years ago
• DataDog / dirtypipe-container-breakout-poc
  Container Excape PoC for CVE-2022-0847 "DirtyPipe"
  ☆77Updated 2 years ago
• madhuakula / docker-security-checker
  Dockerfile Security Checker using OPA Rego policies with Conftest
  ☆58Updated 2 years ago
• awslabs / k8s-network-policy-migrator
  K8s Network Policy Migrator is a tool to migrate Calico or Cilium custom network policies to Kubernetes native network policy. The tool o…
  ☆30Updated last year
• avolens / kubefuzz
  Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification.
  ☆71Updated last year