Cloud

RESTler – The First Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs In These Services

09 Dec 2020 By

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then generates and executes tests that exercise the service through its REST API.Read More

Terrascan – Detect Compliance And Security Violations Across Infrastructure As Code To Mitigate Risk Before Provisioning Cloud Native Infrastructure

01 Dec 2020 By

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. GitHub Repo: https://github.com/accurics/terrascan Documentation: https://docs.accurics.com Discuss: https://community.accurics.com Features 500+ Policies for security best practices Scanning of Terraform 12+ (HCL2) Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize v3 Support for AWS, Azure, GCP, Kubernetes and GitHub Installing Terrascan’sRead More

Leonidas – Automated Attack Simulation In The Cloud, Complete With Detection Use Cases

12 Nov 2020 By

Leonidas is a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties. These definitions can then be compiled into: A web API exposing each test case as an individual endpoint Sigma rules (https://github.com/Neo23x0/sigma) for detection Documentation –Read More

PurpleCloud – An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud

08 Sep 2020 By

Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud! Purple Cloud is a small Active Directory enterprise deployment automated with Terraform / Ansible Playbook templates to be deployed in Azure. Purple Cloud also includes an adversary node implemented as a docker containerRead More

VPS-Docker-For-Pentest – Create A VPS On Google Cloud Platform Or Digital Ocean Easily With The Docker For Pentest

06 Sep 2020 By

Create a VPS on Google Cloud Platform or Digital Ocean easily with the docker for pentest included to launch the assessment to the target. Requirements Terraform installed Ansible installed SSH private and public keys Google Cloud Platform or Digital Ocean account. Usage 1.- Clone the repository git clone –depth 1 https://github.com/aaaguirrep/vps-docker-for-pentest.git vpscd vps 2.- CredentialsRead More

Cloudtopolis – Cracking Hashes In The Cloud For Free

26 Jun 2020 By

Cloudtopolis is a tool that facilitates the installation and provisioning of Hashtopolis on the Google Cloud Shell platform, quickly and completely unattended (and also, free!).RequirementsHave 1 Google account (at least). InstallationCloudtopolis installation is carried out in two phases: Phase 1Access Google Cloud Shell from the following link:https://ssh.cloud.google.com/cloudshell/editor?hl=es&fromcloudshell=true&shellonly=trueThen, run the following commands: wget https://raw.githubusercontent.com/JoelGMSec/Cloudtopolis/master/Cloudtopolis.shchmod +x Cloudtopolis.sh./Cloudtopolis.shRead More

Parsec – Secure Cloud Framework

05 May 2020 By

Homepage: https://parsec.cloudDocumentation: https://parsec-cloud.readthedocs.org.Parsec is a free software (AGPL v3) aiming at easily share your work and data in the cloud in total privacy thanks to cryptographic security. Key features: Works as a virtual drive on you computer. You can access and modify all the data stored in Parsec with your regular softwares just like youRead More

Serverless Prey – Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions

11 Apr 2020 By

Serverless Prey is a collection of serverless functions (FaaS), that, once launched to a cloud environment and invoked, establish a TCP reverse shell, enabling the user to introspect the underlying container: Panther: AWS Lambda written in Node.js Cougar: Azure Function written in C# Cheetah: Google Cloud Function written in Go This repository also contains researchRead More

X