Security Operations for Aws

A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.

A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.

A Python module for orchestrating remote forensic data acquisition and analysis from Linux instances using Amazon SSM.

An AWS incident response framework that uses Athena to analyze CloudTrail events and EventBridge for notifications to investigate API activity and detect security misconfigurations.

A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.

A post-exploitation framework for attacking AWS infrastructure, enabling attacks on EC2 instances without SSH keypairs and extraction of AWS secrets and parameters.

A serverless application that creates and monitors fake HTTP endpoints as honeytokens to detect attackers, malicious insiders, and automated threats.

CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.

CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.

SIFT is a digital forensics toolkit that provides installation management, task execution, and machine image building capabilities for forensic investigations on Ubuntu systems.

Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.

A Python tool that analyzes AWS CloudTrail data to summarize IAM principal activities, API calls, regions, IP addresses, and user agents with configurable timeframes and visualization options.

A collection of AWS-native scripts and automation tools for DevSecOps, incident response, and security remediation in cloud environments.

A project for demonstrating AWS attack techniques with a focus on ethical hacking practices.

BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.

A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.

A Terraform tool that creates intentionally misconfigured AWS infrastructure with 84 vulnerabilities across 22 services for security training and testing purposes.

A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.

A tutorial on setting up Dionaea on an EC2 instance in 20 minutes

CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.

Lambda-Proxy is a utility that enables SQL injection testing of AWS Lambda functions by converting SQLMap HTTP attacks into Lambda invoke calls through a local proxy.

A forensics toolkit for collecting digital evidence from Google Cloud Platform, Microsoft Azure, and Amazon Web Services during incident response investigations.

Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.

AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.