Skip to content

syedMohtashim/awesome-cloud-security

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
 
 
 
 

Repository files navigation


A curated list of awesome cloud security related resources.


Awesome Cloud Security

🛡️ Awesome Cloud Security Resources ⚔️

Contents

Standards

Compliances

Benchmarks

Tools

Infrastrcture

  • aws_pwn: A collection of AWS penetration testing junk
  • aws_ir: Python installable command line utility for mitigation of instance and key compromises.
  • aws-vault: A vault for securely storing and accessing AWS credentials in development environments.
  • awspx: A graph-based tool for visualizing effective access and resource relationships within AWS.
  • azucar: A security auditing tool for Azure environments
  • checkov: A static code analysis tool for infrastructure-as-code.
  • CloudBrute: A multiple cloud enumerator.
  • cloud-forensics-utils: A python lib for DF & IR on the cloud.
  • cloudlist: Listing Assets from multiple Cloud Providers.
  • cloudgoat: "Vulnerable by Design" AWS deployment tool.
  • Cloudmapper: Analyze your AWS environments.
  • cloudsplaining: An AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
  • Cloudsploit Scans: Cloud security configuration checks.
  • Cloud-custodian: Rules engine for cloud security, cost optimization, and governance.
  • cs suite: Tool for auditing the security posture of AWS/GCP/Azure.
  • dftimewolf: A multi-cloud framework for orchestrating forensic collection, processing and data export.
  • diffy: Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix.
  • ElectricEye: Continuously monitor AWS services for configurations.
  • Forseti security: GCP inventory monitoring and policy enforcement tool.
  • Hammer: A multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources.
  • kics: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code.
  • Leonidas: A framework for executing attacker actions in the cloud.
  • Open policy agent: Policy-based control tool.
  • pacbot: Policy as Code Bot.
  • pacu: The AWS exploitation framework.
  • Prowler: Command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.
  • ScoutSuite: Multi-cloud security auditing tool.
  • Security Monkey: Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  • SkyArk: Tool to helps to discover, assess and secure the most privileged entities in Azure and AWS.
  • SkyWrapper: Tool helps to discover suspicious creation forms and uses of temporary tokens in AWS.
  • Smogcloud: Find cloud assets that no one wants exposed.
  • TerraGoat: Bridgecrew's "Vulnerable by Design" Terraform repository.
  • Terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  • tfsec: Static analysis powered security scanner for Terraform code.
  • Zeus: AWS Auditing & Hardening Tool.

Container

  • auditkube: Audit for for EKS, AKS and GKE for HIPAA/PCI/SOC2 compliance and cloud security.
  • ccat: Cloud Container Attack Tool.
  • Falco: Container runtime security.
  • mkit: Managed kubernetes inspection tool.
  • Open policy agent: Policy-based control tool.

SaaS

Native tools

Reading Materials

AWS

  1. Overiew of AWS Security
  2. AWS-IAM-Privilege-Escalation by RhinoSecurityLabs: A centralized source of all AWS IAM privilege escalation methods.
  3. MITRE ATT&CK Matrices of AWS
  4. AWS security workshops

Azure

  1. Overiew of Azure Security
  2. Azure security fundamentals
  3. MicroBurst by NetSPI: A collection of scripts for assessing Microsoft Azure security
  4. MITRE ATT&CK Matrices of Azure
  5. Azure security center workflow automation

GCP

  1. Overiew of GCP Security
  2. GKE security scenarios demo
  3. MITRE ATT&CK Matrices of GCP
  4. Security response automation

Others

  1. Cloud Security Research by RhinoSecurityLabs
  2. CSA cloud security guidance v4
  3. Appsecco provides training

Resource

AWS

  1. Bucket search by grayhatwarfare

Others

  1. Mapping of On-Premises Security Controls vs. Major Cloud Providers Services

Contributing

See contributing

About

🛡️ Awesome Cloud Security Resources ⚔️

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published