Repokid
Repokid uses Access Advisor provided by Aardvark to remove permissions granting access to unused services from the inline policies of IAM roles in an AWS account. Getting Started: - Install mkvirtualenv repokid - git clone git@github.com:Netflix/repokid.git - cd repokid - pip install -e . - repokid config config.json DynamoDB: - You will need a DynamoDB table called repokid_roles (specify account and endpoint in dynamo_db in config file). - The table should have RoleId (string) as a primary partition key, no primary sort key. - A global secondary index named Account with a primary partition key of Account and RoleId and Account as projected attributes. - A global secondary index named RoleName with a primary partition key of RoleName and RoleId and RoleName as projected attributes. - For development, you can run dynamo locally. To run locally: docker-compose up. The endpoint for DynamoDB will be http://localhost:8000. A DynamoDB admin panel can be found at http://localhost:8001. If you run the development version the table and index will be created for you automatically. IAM Permissions: - Repokid needs an IAM Role in each account that will be queried.
FEATURES
ALTERNATIVES
A comprehensive resource for securing Active Directory, including attack methods and effective defenses.
CLI for generating AWS IAM policy documents, SAM policy templates or SAM Connectors
Zoho Vault is a secure password management tool that allows you to store and automatically fill in passwords on websites and apps.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
Encrypt Kubernetes Secrets into SealedSecrets for safe storage and controlled decryption within the cluster.
A list of Windows privilege escalation techniques, categorized and explained in detail.
Akamai MFA is a cloud-based multi-factor authentication solution using FIDO2 standard to secure workforce logins across various applications through smartphone push notifications.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.