awesome-cloud-pentest's Introduction

Awesome-Cloud-PenTest

Cloud PenTest - AWS and Azure by Joas

What is AWS

Extras Resources

My Social Networks

What is Azure

PenTest Policy

PenTest in AWS

AWS Security

PenTest in Azure

  • Enumeration

    • o365creeper - Enumerate valid email addresses
    • CloudBrute - Tool to find a company's cloud infrastructure on the top cloud providers
    • cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud
    • Azucar - Security auditing tool for Azure environments
    • CrowdStrike Reporting Tool for Azure (CRT) - Query Azure AD/O365 tenants for hard-to-find permissions and configuration settings
    • ScoutSuite - Multi-cloud security auditing tool. Security posture assessment of different cloud environments.
    • BlobHunter - A tool for scanning Azure blob storage accounts for publicly opened blobs
    • Grayhat Warfare - Open Azure blobs and AWS bucket search

  • Information Gathering

    • o365recon - Information gathering with valid credentials to Azure
    • Get-MsolRolesAndMembers.ps1 - Retrieve list of roles and associated role members
    • ROADtools - Framework to interact with Azure AD
    • PowerZure - PowerShell framework to assess Azure security
    • Azurite - Enumeration and reconnaissance activities in the Microsoft Azure Cloud
    • Sparrow.ps1 - Helps to detect possible compromised accounts and applications in the Azure/M365 environment
    • Hawk - PowerShell-based tool for gathering information related to O365 intrusions and potential breaches
    • Microsoft Azure AD Assessment - Tooling for assessing an Azure AD tenant state and configuration

  • Lateral Movement

    • Stormspotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects
    • AzureADLateralMovement - Lateral Movement graph for Azure Active Directory
    • SkyArk - Discover, assess and secure the most privileged entities in Azure and AWS

  • Exploitation

    • MicroBurst - A collection of scripts for assessing Microsoft Azure security
    • azuread_decrypt_msol_v2.ps1 - Decrypt Azure AD MSOL service account
    • Credential Attacks

      • MSOLSpray - A password spraying tool for Microsoft Online accounts (Azure/O365)
      • MFASweep - A tool for checking if MFA is enabled on multiple Microsoft Services Resources
      • adconnectdump - Dump Azure AD Connect credentials for Azure AD and Active Directory

  • Abusing Azure AD SSO with the Primary Refresh Token

  • Abusing dynamic groups in Azure AD for Privilege Escalation

  • Attacking Azure, Azure AD, and Introducing PowerZure

  • Attacking Azure & Azure AD, Part II

  • Azure AD Connect for Red Teamers

  • Azure AD Introduction for Red Teamers

  • Azure AD Pass The Certificate

  • Azure AD privilege escalation - Taking over default application permissions as Application Admin

  • Defense and Detection for Attacks Within Azure

  • Hunting Azure Admins for Vertical Escalation

  • Impersonating Office 365 Users With Mimikatz

  • Lateral Movement from Azure to On-Prem AD

  • Malicious Azure AD Application Registrations

  • Moving laterally between Azure AD joined machines

  • CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory

  • Privilege Escalation Vulnerability in Azure Functions

  • Azure Application Proxy C2

  • Recovering Plaintext Passwords from Azure Virtual Machines like It’s the 1990s

  • Azure Articles from NetSPI

  • Azure Cheat Sheet on CloudSecDocs

  • Resources about Azure from Cloudberry Engineering

  • Resources from PayloadsAllTheThings

  • Encyclopedia on Hacking the Cloud - (No content yet for Azure)

  • azure-security-lab - Securing Azure Infrastructure - Hands on Lab Guide

  • AzureSecurityLabs - Hands-on Security Labs focused on Azure IaaS Security

  • Building Free Active Directory Lab in Azure

  • https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md

  • https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/security/fundamentals/pen-testing.md

  • https://github.com/swiftsolves-msft/AzurePenTestScope

Azure Security

awesome-cloud-pentest's People

Contributors

cybersecurityup
