mertcancoskuner's Stars
gruntwork-io/terratest
Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.
cloudquery/cloudquery
The developer first cloud governance platform
mandiant/capa
The FLARE team's open-source tool to identify capabilities in executable files.
clong/DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
cilium/tetragon
eBPF-based Security Observability and Runtime Enforcement
ambionics/phpggc
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
lyft/cartography
Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
m0bilesecurity/RMS-Runtime-Mobile-Security
Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
jthuraisamy/SysWhispers2
AV/EDR evasion via direct system calls.
vxunderground/VX-API
Collection of various malicious functionality to aid in malware development
evilsocket/legba
A multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷
klezVirus/SysWhispers3
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
am0nsec/HellsGate
Original C Implementation of the Hell's Gate VX Technique
DataDog/KubeHound
Tool for building Kubernetes attack paths
secureCodeBox/secureCodeBox
secureCodeBox (SCB) - continuous secure delivery out of the box
struppigel/PortEx
Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness
step-security/github-actions-goat
GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
awslabs/snapchange
Lightweight fuzzing of a memory snapshot using KVM
DataDog/managed-kubernetes-auditing-toolkit
All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.
google/gcp_scanner
A comprehensive scanner for Google Cloud
padok-team/yatas
:owl::mag_right: A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
synacktiv/nord-stream
Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.
ermetic-research/cnappgoat
CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments.
unknownhad/CloudIntel
This repo contains IOC, malware and malware analysis associated with Public cloud
invictus-ir/Invictus-AWS
A tool for AWS incident response, that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of incident response.
RoseSecurity/WolfPack
WolfPack combines the capabilities of Terraform and Packer to streamline the deployment of red team redirectors on a large scale.
oracle/macaron
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detect malicious Python packages, or check conformance to frameworks, such as SLSA. Documentation:
boostsecurityio/lotp
boostsecurityio/lotp
SecuraBV/jws2pubkey
jws2pubkey tool
PankajMoolrajani/PermCutter
Spec and Sample code for Identifying and Reducing Permission Explosion