TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Updated Jun 4, 2024 - HCL
TerraformGoat is HXSecurity research lab's "Vulnerable by Design" multi-cloud deployment tool.
A Docker container for remote penetration testing.
An implementation of infrastructure-as-code scanning using dynamic tooling.
HazProne is a Cloud Pentesting Framework that emulates close to Real-World Scenarios by deploying Vulnerable-By-Demand AWS resources enabling you to pentest Vulnerabilities within, and hence, gain a better understanding of what could go wrong and why!!
Offensive Terraform module which creates EC2 instance and reverse shell from an EC2 instance to attacker machine.
Proof of Value Terraform Scripts to utilize Amazon Web Services (AWS) Security, Identity & Compliance Services to Support your AWS Account Security Posture.
Offensive Terraform module which copies publicly exposed EBS snapshot to us-east-1 region in attacker's AWS account and creates EBS volume from the copied EBS snapshot. After that, the module attaches and mounts the EBS volume to an EC2 instance. Finally, attacker can ssh into an EC2 instance and inspect a mounted volume "/usr/src/hack".
Leverage Ollion's GCP Landing Zone to deploy a secure, compliant foundation with ease. The repository contains an implementation of a secure and compliant landing zone pattern that will help expedite cloud migration for an enterprise in a heavily regulated industry.
HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analytics Workspace to ingest logs from various Azure resources, generating alerts whenever the deceptive Azure resources are accessed.
Offensive Terraform module which creates an IAM role with trust relationship with attacker's AWS account and attaches managed IAM Policy to an IAM role.
A walkthrough of security controls for a serverless architecture via a demo application
How to set up a secure Kubernetes cluster on Azure
Offensive Terraform module which creates Lambda function with existing IAM role. The module invokes it automatically to exfiltrate AWS temporary credential from environment variables and send it back with response.
Offensive Terraform module which takes over a subdomain which has a CNAME record pointing to a non-existing S3 bucket in target's Route53. The module creates an S3 bucket with a name as subdomain in the specific AWS region that the CNAME record is pointing to. Also, it uploads a simple web page with "404 Page Not Found" text.
Offensive Terraform module which creates IAM user, access key then attaches managed IAM Policy to an IAM user.
Infrastructure as Code for SUTs
Offensive Terraform module which creates EC2 instance and exfiltrates credential from Instance metadata to external URL.
Leverage Ollion's AWS Landing Zone to deploy a secure, compliant foundation with ease. The repository contains an implementation of a secure and compliant landing zone pattern that will help expedite cloud migration for an enterprise in a heavily regulated industry.
Identify vulnerabilities in running containers, images, hosts and repositories