6mile
Software Supply Chain Offensive Security. Vulnerability research and DevSecOps OG.
@SecureStackCo Australia
Pinned Repositories
6mile
About me!
ami_finder
Find your ami_id's for all regions for your products in the AWS Marketplace
awesome-api-security
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
awesome-cicd-attacks
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
commit-audit
Shell script that checks if git commits are signed
DarkMass
Automated recon optimized for fast, efficient mass scanning
DevSecOps-Playbook
This is a step-by-step guide to implementing a DevSecOps program for any size organization
git-hunter
Find threats in your source code
ossec_automation
bash scripts and puppet code to install/uninstall OSSEC
Redhat2Cent
Redhat2Cent version 1.1
6mile's Repositories
6mile/DevSecOps-Playbook
This is a step-by-step guide to implementing a DevSecOps program for any size organization
6mile/commit-audit
Shell script that checks if git commits are signed
6mile/DarkMass
Automated recon optimized for fast, efficient mass scanning
6mile/git-hunter
Find threats in your source code
6mile/awesome-cicd-attacks
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
6mile/buildkite-agent
The Buildkite Agent is an open-source toolkit written in Go for securely running build jobs on any device or network
6mile/cloud-headers
This is an authoritative listing of all the HTTP headers used by the major cloud providers
6mile/CloudShovel
A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where we scanned 20k+ public AMIs.
6mile/CodeReviewWorkshop
Materials for "The Art of Finding Security Vulnerabilities in Code" workshop
6mile/anon-fork
anonymous forking via a simple bash script
6mile/APAC-Conferences
A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.
6mile/books
📚 I've captured the responses from various discussions of movies, tv shows, books and events that infosec peeps love.
6mile/bsides
6mile/bun
Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one
6mile/code-puppets
Code Puppets are sock puppets that malicious actors use to attack the software supply chain
6mile/CVTCAT
Community Validated Tasks for Cybersecurity Assessment & Training
6mile/fake-git-history
Generate Git commits.
6mile/free-training
Free training resources
6mile/github-action-injection-attack
This is a GitHub repository to explain how the GitHub Action injection attack works
6mile/gitlab-version-nse
Nmap script to guess* a GitLab version.
6mile/hijagger
Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration
6mile/malicious-packages
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
6mile/obfuscation-detector
Detect different types of JS obfuscation by their AST structure
6mile/OctoC2t
Simple C2 using GitHub repository as comms channel.
6mile/polyfill-service
Automatic polyfill service.
6mile/priscope
A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard against supply chain attacks
6mile/ps-scan-Prestashop-scanner
This tool serves as an initial version scanner specifically designed for PrestaShop, a popular e-commerce platform. The primary purpose of the scanner is to analyze PrestaShop instances for various aspects, such as module information, version details, and potential security vulnerabilities.
6mile/repo-swatting
A new type of attack called "repo swatting" that targets users on GitLab, GitHub and Gitea. This attack is incredibly easy to perform and deletes software repos and gets the targeted user banned.
6mile/tvpo
Target, Value, Patterns and Objectives (TVPO) - A flexible threat modelling framework for the software supply chain
6mile/www-revent-appsec-pacific-northwest-security-conference
OWASP Foundation Web Repository