#bugbounty #cloud
Sometimes, you may find such directories with interesting data and try to dig deeper
https://notsosecure.com/hacking-aws-cognito-misconfigurations/
Sometimes, you may find such directories with interesting data and try to dig deeper
https://notsosecure.com/hacking-aws-cognito-misconfigurations/
NotSoSecure
Hacking AWS Cognito Misconfigurations
In this blog, Sunil Yadav, our lead trainer for “Advanced Web Hacking” training class, will discuss a case study of AWS account takeover via misconfigured AWS Cognito. TL;DR The application under
CloudSploit
CloudSploit's remediation guides are intended to be an open-source resource for improving cloud security. Many cloud IaaS providers like AWS, Azure, and Google Cloud have a shared responsibility model. They provide the physical and architectural security, along with tools to properly secure the services they offer, but it is up to the user to configure those settings properly.
https://github.com/aquasecurity/cloud-security-remediation-guides
#cloud #security #remediation #blueteam
CloudSploit's remediation guides are intended to be an open-source resource for improving cloud security. Many cloud IaaS providers like AWS, Azure, and Google Cloud have a shared responsibility model. They provide the physical and architectural security, along with tools to properly secure the services they offer, but it is up to the user to configure those settings properly.
https://github.com/aquasecurity/cloud-security-remediation-guides
#cloud #security #remediation #blueteam
GitHub
GitHub - aquasecurity/cloud-security-remediation-guides: Security Remediation Guides
Security Remediation Guides. Contribute to aquasecurity/cloud-security-remediation-guides development by creating an account on GitHub.
DetectionLab
DetectionLab is a repository containing a variety of Packer, Vagrant, Powershell, Ansible, and Terraform scripts that allow you to automate the process of bringing an ActiveDirectory environment online complete with logging and security tooling using a variety of different platforms.
DetectionLab can currently be deployed to the following platforms:
— Virtualbox (Windows, MacOS, Linux)
— VMware Workstation/Fusion (Windows, MacOS, Linux)
— HyperV
— ESXi
— AWS
— Azure
— LibVirt (Not officially supported)
— Proxmox (Not officially supported)
https://detectionlab.network/
#lab #cloud #blueteam #redteam
DetectionLab is a repository containing a variety of Packer, Vagrant, Powershell, Ansible, and Terraform scripts that allow you to automate the process of bringing an ActiveDirectory environment online complete with logging and security tooling using a variety of different platforms.
DetectionLab can currently be deployed to the following platforms:
— Virtualbox (Windows, MacOS, Linux)
— VMware Workstation/Fusion (Windows, MacOS, Linux)
— HyperV
— ESXi
— AWS
— Azure
— LibVirt (Not officially supported)
— Proxmox (Not officially supported)
https://detectionlab.network/
#lab #cloud #blueteam #redteam
Free Labs to Learn Cloud Penetration Testing
http://flaws.cloud/
http://flaws2.cloud/
https://github.com/OWASP/Serverless-Goat
https://n0j.github.io/2017/10/02/aws-s3-ctf.html
https://github.com/torque59/AWS-Vulnerable-Lambda
https://github.com/wickett/lambhack
https://github.com/BishopFox/iam-vulnerable
https://github.com/RhinoSecurityLabs/cloudgoat
https://github.com/appsecco/attacking-cloudgoat2
https://github.com/m6a-UdS/dvca
https://github.com/OWASP/DVSA
https://github.com/nccgroup/sadcloud
#cloud #aws #pentest
http://flaws.cloud/
http://flaws2.cloud/
https://github.com/OWASP/Serverless-Goat
https://n0j.github.io/2017/10/02/aws-s3-ctf.html
https://github.com/torque59/AWS-Vulnerable-Lambda
https://github.com/wickett/lambhack
https://github.com/BishopFox/iam-vulnerable
https://github.com/RhinoSecurityLabs/cloudgoat
https://github.com/appsecco/attacking-cloudgoat2
https://github.com/m6a-UdS/dvca
https://github.com/OWASP/DVSA
https://github.com/nccgroup/sadcloud
#cloud #aws #pentest
GitHub
GitHub - OWASP/Serverless-Goat: OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws
OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws - OWASP/Serverless-Goat
👍1
🦊 CloudFox
Security firm BishopFox has open-sourced on Tuesday a new security tool named CloudFox that can find exploitable attack paths in cloud infrastructure.
Blog:
https://bishopfox.com/blog/introducing-cloudfox
Tool:
https://github.com/BishopFox/cloudfox
#cloud #aws #pentest #tools
Security firm BishopFox has open-sourced on Tuesday a new security tool named CloudFox that can find exploitable attack paths in cloud infrastructure.
Blog:
https://bishopfox.com/blog/introducing-cloudfox
Tool:
https://github.com/BishopFox/cloudfox
#cloud #aws #pentest #tools
🔥5