Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
翻译 - 在配置云原生基础架构之前,将整个基础架构中的合规性和安全违规行为作为代码进行检测,以降低风险。
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
翻译 - Kubernetes山羊是一个“易受设计攻击的” Kubernetes集群。
A Central Control Plane for AWS Permissions and Access
翻译 - ConsoleMe将多个AWS账户的管理整合到一个界面中。 它允许您的最终用户和管理员获取您不同帐户的凭据,并允许您的用户/管理员管理或请求云权限。
Cloud Exploitation Framework 云环境利用框架,方便安全人员在获得 AK 的后续工作
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
翻译 - Cloudsplaining是一种AWS IAM安全评估工具,可识别违反最小特权的行为并生成风险优先报告。
Automating situational awareness for cloud penetration tests.
☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud
翻译 - ☁️ :zap:云的粒度、可操作的对手仿真。
An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
翻译 - hackingthe.cloud的内容
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production...
翻译 - TerraGoat是Bridgecrew的“设计易受攻击” Terraform存储库。 TerraGoat是一个学习和培训项目,它演示了常见的配置错误如何将其发现到生产云环境中。
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & ...
Awesome cloud enumerator
翻译 - 很棒的云枚举器
SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
翻译 - SkyArk帮助发现,评估和保护Azure和AWS中特权最高的实体
文章 Attack Code 的详细全文。安全和开发总是具有伴生属性,尤其是云的安全方向,本篇文章是希望能帮助到读者的云安全入门材料。Full text of the article Attack Code. Security and development always have concomitant attributes, and this is especially true with t...
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Find cloud assets that no one wants exposed 🔎 ☁️
翻译 - 查找没人想暴露的云资产🔎️