• Stars
    star
    1,043
  • Rank 44,174 (Top 0.9 %)
  • Language
  • Created over 2 years ago
  • Updated about 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Azure and AWS Attacks

Cloud Security - Attacks

AWS

Privilege Escalation to SYSTEM in AWS VPN Client

AWS WorkSpaces Remote Code Execution

Resource Injection in CloudFormation Templates

Downloading and Exploring AWS EBS Snapshots

CloudGoat ECS_EFS_Attack Walkthrough

GKE Kubelet TLS Bootstrap Privilege Escalation

Weaponizing AWS ECS Task Definitions to Steal Credentials From Running Containers

CloudGoat AWS Scenario Walkthrough: β€œEC2_SSRF”

Pillaging AWS ECS Task Definitions for Hardcoded Secrets

Abusing VPC Traffic Mirroring in AWS

Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)

Bypassing IP Based Blocking with AWS API Gateway

Phishing Users with MFA on AWS

AWS IAM Privilege Escalation – Methods and Mitigation

Penetration Testing AWS Storage: Kicking the S3 Bucket

Cloud Security Risks (P2): CSV Injection in AWS CloudTrail

Amazon’s AWS Misconfiguration: Arbitrary Files Upload in Amazon Go

Privilege Escalation Attack : Attacking AWS IAM permission misconfigurations

IAM Vulnerable - An AWS IAM Privilege Escalation Playground

Escalator to the Cloud: 5 Privesc Attack Vectors in AWS

Vulnerable AWS Lambda function – Initial access in cloud attacks

Inside a Privilege Escalation Attack via Amazon Web Services’ EC2

AWS Attacks

AWS Shadow Admin

Gaining AWS Console Access via API Keys

Automate AWS AMI Creation For EC2 And Copy to Other Region

Instance Connect - Push an SSH key to EC2 instance

Golden SAML Attack

Stealing hashes from Domain Controllers in the Cloud

AWS PenTest Methodology

CloudGoat Official Walkthrough Series: β€œrce_web_app”

Azure

GKE Kubelet TLS Bootstrap Privilege Escalation

Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability

Security for SaaS Companies: Leveraging Infosec for Business Value

Common Azure Security Vulnerabilities and Misconfigurations

Enumerate valid emails

Enumerate Azure Subdomains

Azure Attacks

Azure Active Directory Account Enumeration

Abusing Microsoft’s Azure domains to host phishing attacks

Defending against the EvilGinx2 MFA Bypass

Introduction To 365-Stealer - Understanding and Executing the Illicit Consent Grant Attack

Azure AD Password spray; from attack to detection (and prevention).

LATERAL MOVEMENT TO THE CLOUD WITH PASS-THE-PRT

Azure AD Pass The Certificate

How to SSH into specific Azure Web App instance

Attacking Azure, Azure AD, and Introducing PowerZure

Undetected Azure Active Directory Brute-Force Attacks

How Azure AD Could Be Vulnerable to Brute-Force and DOS Attacks

How to bypass MFA in Azure and O365

AWS Security Tools

Azure Security Tools

More Repositories

1

OSCE3-Complete-Guide

OSWE, OSEP, OSED, OSEE
2,568
star
2

Awesome-Red-Team-Operations

1,260
star
3

Guide-CEH-Practical-Master

1,168
star
4

Awesome-Cloud-PenTest

676
star
5

Red-Team-Management

HTML
627
star
6

Offensivesecurity-Checklists

Checklists for Testing Security environment
545
star
7

Awesome-Malware-and-Reverse-Engineering

379
star
8

eWPTX-Preparation

325
star
9

Python-for-Security

HTML
303
star
10

Awesome-Hardware-and-IoT-Hacking

246
star
11

GCP-Pentest-Checklist

213
star
12

OSCP-Survival-Guide

208
star
13

information-security-relatory

Reports from various areas of information security
188
star
14

PNPT-Preparation-Guide

PNPT Exam Preparation - TCM Security
154
star
15

eWPT-Preparation

148
star
16

Red-Team-Exercises

C++
139
star
17

awesome-flipperzero2

Compilation of contents about Flipper Zero
127
star
18

Awesome-PenTest-Practice

Hackthebox, Vulnhub, TryHackMe and Real World PenTest
101
star
19

eCXD-Preparation

eLearnSecurity Certified Exploit Development
98
star
20

Awesome-Blue-Team-Operations

96
star
21

PenTest-Consulting-Creator

Repository with some necessary information for you to create your PenTest consultancy
91
star
22

PenTest-Certifications-Roadmap

83
star
23

Buffer-Overflow-Labs

Practice Labs
80
star
24

Awesome-Exploit-Development

73
star
25

OSCP-in-one-month

72
star
26

RedTeam-Scripts

PowerShell
71
star
27

BadPDF-Generator

Python
64
star
28

Template-CherryTree-PenTest

62
star
29

Adversary-Emulation-Matrix

59
star
30

Web-PenTest-Checklist

48
star
31

Windows-API-for-Red-Team

Python
48
star
32

Facial-Recognition-PenTest-Checklist

47
star
33

PenTest-Report-Collection

41
star
34

CyberSecurityUP

Hack
40
star
35

CyberSecurity-LinkedIn-Materials

34
star
36

Information-Security-Certifications-Map

29
star
37

Powershell-for-PenTest

28
star
38

smart-contracts-audit-checklist

25
star
39

Hackthebox-Privilege-Escalation

24
star
40

Osint-Social-Mapping

OSINT mapping using Twitter, Ficklr, Shodan and Insecam
Python
22
star
41

AV-Bypass-codes

Python, C++ and Go
C++
21
star
42

Windows-Defender-DLL-Hijacking

C++
20
star
43

PhantomsGate

PhantomsGate: Advanced Shellcode Injection Technique
C++
20
star
44

Bug-Bounty-Dorks-Vulns

19
star
45

python-for-hackers

Python
19
star
46

Cybersecurity-Certifications-Guide

19
star
47

Web-PenTest-Resume-Tips

19
star
48

Fuxsociety

Fuxsociety Mr Robot 2.1
Python
18
star
49

CRPYA

Challenge Python
Python
18
star
50

Mitre-Attack-Matrix

17
star
51

Cracking-The-Perimeter-Framework

New Framework Red Team Operations
17
star
52

shellcode-runner-rust

Simple Shellcode Runner in Rust Language
Rust
17
star
53

AWS-Cloud-Practicioner-Notes

15
star
54

PyDorkGPT

Google Hacking using Prompt ChatGPT
Python
14
star
55

Trevorfuscation

A tool that automates the trevorc2 powershell agent obfuscation process with the pyfuscation tool
Shell
14
star
56

Adversary-Emulation-Guide

14
star
57

Cyber-Security-Contents

14
star
58

Physical-PenTest-Methodology

Basic guide for performing a Physical PenTest - Nist 800-12, 800-53, 800-115, 800-152
14
star
59

GCP-Adversary-Emulator

Comprehensive adversary emulation tool for security testing on Google Cloud Platform (GCP) environments.
Python
14
star
60

OSWP-Automated-tools

Shell
13
star
61

Python-Introduction

Python
13
star
62

backup-fu

Automatic cloud backup of Kali Linux data
Shell
12
star
63

Harden-Fu

Shell
11
star
64

C2Matrix-Automation

C2Matrix Automation
Shell
11
star
65

HermitPurple-Maltegoce

Finding Missing People, extract information in Dark Web and Surfaceweb Investigation and Human Trafficking Support
Python
11
star
66

k8senumeration

Kubernetes, Clusters and Dockers Enumeration in GCP and AWS environments
Python
11
star
67

LiesGate

C++
11
star
68

HunterX

King of Bug Bounty Tips Simple Tool
Shell
10
star
69

Malware-Analysis-Exercises

10
star
70

ISO-27002-Document

10
star
71

Ransomware-Codes

Educational repository with source code examples
10
star
72

RansomwarePy

Ransomware Python
Python
7
star
73

TTPs-Mitre-Attack

7
star
74

Red-Team-Operations-Framework

Red Team Operations Framework
7
star
75

study-TI

Auxilios nos seus estudos e planejamento
6
star
76

Challenges

Challenge Inmetrics
HTML
6
star
77

Documentation-of-information-security

6
star
78

stalkfacebook1.0

Python
6
star
79

AWS-Cloud-Architect-Associate-Notes

6
star
80

Simple-Ransomwares

C++
6
star
81

AhmiaDomainExtractor-Maltegoce

Python
6
star
82

Application-Vulnerable

6
star
83

ProcessKiller-BYOVD

BYOVD Technique Example using viragt64 driver
C++
5
star
84

shellcode-templates

Assembly
5
star
85

Standards-and-Controls

5
star
86

facebookstalking2.0

Python
5
star
87

block-website

Bloqueador de website feito em python
Python
5
star
88

Suicide-Prevention-Map

Suicide Prevention Map using Google Place API and Google Search API
Python
5
star
89

SafeBuddy

APK Suicide Prevention
Java
5
star
90

MacInjector-Automated

MacInjector is a tool that lists macOS applications, checks code-signing vulnerabilities, and injects a dynamic library (dylib) into a vulnerable application.
Python
5
star
91

ReconFu

Scripts made in python to automate recognition
Python
5
star
92

DeepFakeDetect-URL

Detect if a photo is deepfake by passing the URL and analyzing
Python
5
star
93

JWTK-Exploits

Python
4
star
94

SilverEye-Twitter-Scraping

A tool created to scrape twitter using its own API
Python
4
star
95

Snake-AI

Edition Code for Python the AI
Python
4
star
96

owasp-asvs-checklist-portugues

4
star
97

reversescripts

Scripts para Engenharia Reversa
Python
4
star
98

CRTO-Study

Zeropoint Course CRTO
HTML
4
star
99

My-CVEs

4
star
100

SyscallHookDetector

C++
4
star