Pinned Repositories
ATTACK-Python-Client
Python Script to access ATT&CK content available in STIX via a public TAXII server
Empire-XSS-Files
Someone tried to push a fake Tor Browser update via XSS injection on Empire Market profiles.
gitoops
all paths lead to clouds
my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
OSCP-Prep
A list of the resources I used as I prepared for the PWK course
r00kie-kr00kie
PoC exploit for the CVE-2019-15126 kr00k vulnerability
vpn-rotator
Client software for automated VPN rotation
totoroha's Repositories
totoroha/gitoops
all paths lead to clouds
totoroha/aardvark
Aardvark is a multi-account AWS IAM Access Advisor API
totoroha/AirIAM
Least privilege AWS IAM Terraformer
totoroha/AppSec_Interview_QnA
Common Security Interview Questions with Answers
totoroha/awesome-appsec
A curated list of resources for learning about application security
totoroha/awesome-k8s-security
A curated list for Awesome Kubernetes Security resources
totoroha/awesome-kubernetes
A curated list for awesome kubernetes projects, tools and resources.
totoroha/aws-cf-templates
Free Templates for AWS CloudFormation
totoroha/aws-pentesting-lab
Pentesting lab with a Kali Linux instance accessible via ssh & wireguard VPN and with vulnerable instances in a private subnet
totoroha/AWS-Pentesting-Notes
totoroha/aws-rotate-iam-keys
Rotate your IAM Keys to be in compliance with security best practices
totoroha/aws-security-workshops
A collection of the latest AWS Security workshops
totoroha/aws-waf-security-automations
This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
totoroha/aws-well-architected-labs
Hands on labs and code to help you learn, measure, and build using architectural best practices.
totoroha/aws_security_tools
Scripts and tools for AWS Pentest
totoroha/carvel
Carvel provides a set of reliable, single-purpose, composable tools that aid in your application building, configuration, and deployment to Kubernetes. This repo lists Carvel-related repos.
totoroha/challenges
Source code from some of the challenges that were presented at http://montrehack.ca
totoroha/Cloud-pentest
Resources to learn cloud environment and pentesting the same, contains AWS, Azure, Google Cloud
totoroha/endgame
An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈
totoroha/iamlive
Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
totoroha/pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
totoroha/PENTESTING-BIBLE-1
totoroha/pipeline_templates
Templates for use in build and release pipelines
totoroha/policy_sentry
IAM Least Privilege Policy Generator
totoroha/repokid
AWS Least Privilege for Distributed, High-Velocity Deployment
totoroha/Security-Research
Exploits written by the Rhino Security Labs team
totoroha/SIGMA-detection-rules
Set of SIGMA rules (>250) mapped to MITRE ATT&CK tactics and techniques
totoroha/the-art-of-command-line
Master the command line, in one page
totoroha/Trusted-Advisor-Tools
The sample functions provided help to automate AWS Trusted Advisor best practices using Amazon CloudWatch Events and AWS Lambda.
totoroha/Windows-auditing-mindmap
Set of Mindmaps providing a detailed overview of the different #Windows auditing capacities and event log files.