pacu
aws-well-architected-labs
pacu | aws-well-architected-labs | |
---|---|---|
10 | 4 | |
4,037 | 1,948 | |
1.4% | 0.7% | |
8.6 | 7.1 | |
2 days ago | 19 days ago | |
Python | Python | |
BSD 3-clause "New" or "Revised" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pacu
-
De um mimo até a elevação de privilégios na Cloud
Pra isso, usei a belíssima ferramenta Pacu https://github.com/RhinoSecurityLabs/pacu.
-
Should I be afraid of aws cloud as a security analyst?
ScoutSuite and Pacu (or Lava for Azure) are great tools and it's worth learning what they can do.
-
How do I build a network on AWS to capture flow data?
Not related to your original question, but you might want to take a look at pacu for simulating attacks.
- Pacu: The Open Source AWS Exploitation Framework
-
New Tools in Kali Linux 2021.2
CloudBrute - To find company(mostly cloud hence the name) infrastructure files and arch to a certain extent Dirsearch - Yet another web app path scanner like Gobuster/Dirbuster FeroxBuster - Rust based tool to perform forced browsing(read about it on GitHub Ghidra - Binary disassembler and decompiler (alternatives are gdb and ISA) Pacu - AWS exploitation framework GitHub Pirates - Kali package tracker(maybe like yay or pacman,not too sure on that one) quark-engine - android malware analysis system here Viscose - very popular and good code editor
- 🏹 Pacu: Framework de explotación de AWS #SeguridadOfensiva
-
Conducting a vulnerability scan on an AWS VPC
We're starting to work with Pacu for AWS testing. It's a bit more targeted to exploitation than vulnerability testing. https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/
- RhinoSecurityLabs/pacu - The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
aws-well-architected-labs
-
AWS costs every programmer should know (2019)
AZs are connected via normal user visible networks, you can just break those. They even provide examples, https://github.com/awslabs/aws-well-architected-labs/tree/ma...
Those are basic (don't cover flapping or glacial-speed slowdown degradation modes etc) but a starting point at least.
-
Recommend Open Source Terraform Code deploying Azure / AWS / GCP - For me to read and learn
read up on aws well architected framework and you'll find github/gitlab code for terraform to follow this structure https://rst.software/blog/2020/08/the-5-pillars-of-the-aws-well-architected-framework-i-operational-excellence/ https://github.com/awslabs/aws-well-architected-labs
- awslabs/aws-well-architected-labs: Hands on labs and code to help you learn, measure, and build using architectural best practices.
-
Best practice and cost optimization
AWS Well architected labs: https://github.com/awslabs/aws-well-architected-labs
What are some alternatives?
ScoutSuite - Multi-Cloud Security Auditing Tool
feroxbuster - A fast, simple, recursive content discovery tool written in Rust.
prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
AWSXenos - AWSXenos will list all the trust relationships in all the IAM roles and S3 buckets
bless - Repository for BLESS, an SSH Certificate Authority that runs as a AWS Lambda function
lava - Microsoft Azure Exploitation Framework
chaostoolkit - Chaos Engineering Toolkit & Orchestration for Developers
quark-engine - Dig Vulnerabilities in the BlackBox
siem-on-amazon-opensearch-service - A solution for collecting, correlating and visualizing multiple types of logs to help investigate security incidents.
endgame - An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
handbook.vantage.sh - The Cloud Cost Handbook is a free, open-source, community-supported set of guides meant to help explain often-times complex pricing of public cloud infrastructure and service providers in plain english.