awesome-aws-security
cloudgoat
Our great sponsors
awesome-aws-security | cloudgoat | |
---|---|---|
2 | 8 | |
1,110 | 2,429 | |
- | 2.4% | |
4.8 | 7.0 | |
2 months ago | 7 days ago | |
Python | ||
GNU General Public License v3.0 only | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-aws-security
-
Help a DevSecOps brother out.
This awesome list has you covered for the time being: https://github.com/jassics/awesome-aws-security
- Practice Cloud Security
cloudgoat
-
Launch HN: Corgea (YC S23) – Auto fix vulnerable code
https://github.com/RhinoSecurityLabs/cloudgoat/blob/8ed1cf0e...
Is there something I'm missing?
-
The TISC 2022 Writeup
I tried viewing the other lambda function first, since it's a privilege with the lambda_agent role. I referred to here to help with the code.
- Cloud Pentesting Learning Resources
- CloudGoat
-
Has anyone took the AWS Pentesting Bootcamp on Pentester Academy?
https://github.com/RhinoSecurityLabs/cloudgoat Good alternative for low cost
-
Hide Your Keys Hide Your Data
Settle your horses. In this post, we will be using CloudGoat. CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool. It allows you to hone your cloud cybersecurity skills by creating and completing several "capture-the-flag" style scenarios. CloudGoat.
-
Pen testing advice
Tryhackme and hackthebox are nice (vulnhub as well), also good to spin up some VMs to test stuff/techniques on. Learn some programming as well. If you're doing cloud testing, Cloudgoat is pretty good (you'll need an aws account first). If web testing, Burpsuite is very helpful. If doing intranet testing, try familiarizing yourself with SysInternals, maybe also Bloodhound, Nmap, etc. Tbh pentesting is a big field in and of itself. Might sometimes feel a bit overwhelming.
- Practice Cloud Security
What are some alternatives?
cloudsplaining - Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
BloodHound - Six Degrees of Domain Admin
awesome-cloud-security - A curated list of awesome cloud security blogs, podcasts, standards, projects, and examples.
botocore - The low-level, core functionality of boto3 and the AWS CLI.
personal-security-checklist - 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
crc32 - CRC32 tools: reverse, undo/rewind, and calculate hashes
awesome-security - A collection of awesome ethical hacking and security related content!
juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application