A tool to uncover undocumented APIs from the AWS Console.

Find CVE PoCs on GitHub

List of regex for scraping secret API keys and juicy information.

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clu…

RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)

This is a custom SSM agent which is sorta functional

Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF

Microsoft Entra ID App Audit Solution (AADAppAudit)

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

Send phishing messages and attachments to Microsoft Teams users

Centralize orphan resources in Azure environments

This repository contains custom Azure Policies for Azure Container Apps.

MPD, Volumio, RuneAudio and Moode OLED status and spectrum display for Raspberry Pi (and similar)

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

Community Security Analytics provides a set of community-driven audit & threat queries for Google Cloud

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Watch k8s events and trigger Handlers

Protect and discover secrets using Gitleaks 🔑

Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to by…

Turn (almost) any Python command line program into a full GUI application with one line

A collection of scripts for assessing Microsoft Azure security

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Azure AD Identity Protection Cookie Spoofing

My musings with PowerShell