Light

cybersecurityup / awesome-cloud-pentest Goto Github PK

View Code? Open in Web Editor NEW

654.0 27.0 181.0 201 KB

awesome-cloud-pentest's Introduction

Awesome-Cloud-PenTest

Cloud PenTest - AWS and Azure by Joas

What is AWS

Extras Resources

My Social Networks

What is Azure

PenTest Policy

PenTest in AWS

AWS Security

PenTest in Azure

Enumeration
o365creeper - Enumerate valid email addresses
CloudBrute - Tool to find a cloud infrastructure of a company on top Cloud providers
cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud
Azucar - Security auditing tool for Azure environments
CrowdStrike Reporting Tool for Azure (CRT) - Query Azure AD/O365 tenants for hard to find permissions and configuration settings
ScoutSuite - Multi-cloud security auditing tool. Security posture assessment of different cloud environments.
BlobHunter - A tool for scanning Azure blob storage accounts for publicly opened blobs
Grayhat Warfare - Open Azure blobs and AWS bucket search
Information Gathering
o365recon - Information gathering with valid credentials to Azure
Get-MsolRolesAndMembers.ps1 - Retrieve list of roles and associated role members
ROADtools - Framework to interact with Azure AD
PowerZure - PowerShell framework to assess Azure security
Azurite - Enumeration and reconnaissance activities in the Microsoft Azure Cloud
Sparrow.ps1 - Helps to detect possible compromised accounts and applications in the Azure/M365 environment
Hawk - Powershell based tool for gathering information related to O365 intrusions and potential breaches
Microsoft Azure AD Assessment - Tooling for assessing an Azure AD tenant state and configuration
Lateral Movement
Stormspotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects
AzureADLateralMovement - Lateral Movement graph for Azure Active Directory
SkyArk - Discover, assess and secure the most privileged entities in Azure and AWS
Exploitation
MicroBurst - A collection of scripts for assessing Microsoft Azure security
azuread_decrypt_msol_v2.ps1 - Decrypt Azure AD MSOL service account
Credential Attacks
- MSOLSpray - A password spraying tool for Microsoft Online accounts (Azure/O365)
- MFASweep - A tool for checking if MFA is enabled on multiple Microsoft Services Resources
- adconnectdump - Dump Azure AD Connect credentials for Azure AD and Active Directory
Abusing Azure AD SSO with the Primary Refresh Token
Abusing dynamic groups in Azure AD for Privilege Escalation
Attacking Azure, Azure AD, and Introducing PowerZure
Attacking Azure & Azure AD, Part II
Azure AD Connect for Red Teamers
Azure AD Introduction for Red Teamers
Azure AD Pass The Certificate
Azure AD privilege escalation - Taking over default application permissions as Application Admin
Defense and Detection for Attacks Within Azure
Hunting Azure Admins for Vertical Escalation
Impersonating Office 365 Users With Mimikatz
Lateral Movement from Azure to On-Prem AD
Malicious Azure AD Application Registrations
Moving laterally between Azure AD joined machines
CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory
Privilege Escalation Vulnerability in Azure Functions
Azure Application Proxy C2
Recovering Plaintext Passwords from Azure Virtual Machines like It’s the 1990s
Azure Articles from NetSPI
Azure Cheat Sheet on CloudSecDocs
Resources about Azure from Cloudberry Engineering
Resources from PayloadsAllTheThings
Encyclopedia on Hacking the Cloud - (No content yet for Azure)
azure-security-lab - Securing Azure Infrastructure - Hands on Lab Guide
AzureSecurityLabs - Hands-on Security Labs focused on Azure IaaS Security
Building Free Active Directory Lab in Azure
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/security/fundamentals/pen-testing.md
https://github.com/swiftsolves-msft/AzurePenTestScope

Azure Security

awesome-cloud-pentest's People

Contributors

Stargazers

Watchers

Forkers

pentestw0rkerbit0 juniorcesar rapalaakhil hax0rg1rl royaflash dark0x10 cassimahmedattia luvp rosodam dusmana jotaah123 diracspace c0deur hakimkt thashahid hien slooppe ondrik8 i-sylar cybernewbies bbhunter jmzsec wyttee ak4l3r3 sandeepk17 saikrishnadm cheahengsoon polling-repo-continua securitytech101 sull1v4nx rehanmumtaz123 sudoninja-noob hell0scp pelican9091 marcostolosa dc-avasilev ift3k snehithpremraj bsgill12 ikszero fourteenminusone k4ll4h4r1sh-ltc chiranjibagri syh4ck whalito kidz0702 re-expoc johann-smith u-ahmedofficial 19anand90 marceloeatworld joel-correa alodha100 radhakrishnanr9 katgalraghu azureandsecurityotaku arunkpskpm tools-haus marcosrgd takester cache-bounty nejibnbm rafiq0007 17ack312 3lch3dar ercex 0xsojalsec saumyajeetdas rafaelnett joseraeiro abdibimantara syedds joymondal badalshiva security-champions-beta dreesc stivenhacker 16public thelivestep cybersissons danielsantoslgo abdulmutal sakibulalikhan rubenszimbres bhavin56 bravery9 arya772 magespawn walking-appa byt3d3f3nd3r attacker-codeninja udahacker chanpu9 walexzzy kareypyer ankushgoel27 aungthuaye ideasfoundry p-star1471 erencar

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.