...
- cfripper – Library and CLI tool for analyzing CloudFormation templates and check them for security compliance
- stelligent/cfn_nag – The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure.
- bridgecrewio/checkov – Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Keys and Secrets
awslabs/git-secrets – Prevents you from committing secrets and credentials into git repositories
- exec-with-secrets – Handle secrets in Docker using AWS KMS, SSM parameter store, Secrets Manager, or Azure Key Vault
- dxa4481/truffleHog – Searches through git repositories for high entropy strings and secrets, digging deep into commit history
- zricethezav/gitleaks – Scan git repos (or files) for secrets using regex and entropy
...
Log Querying
- https://github.com/Permiso-io-tools/CloudGrappler –A purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure
- https://github.com/Permiso-io-tools/CloudConsoleCartographer – A framework for condensing groupings of cloud events (e.g. CloudTrail logs) and mapping them to the original user input actions in the management console UI for simplified analysis and explainability
Monitoring
- zoph-io/aws-security-survival-kit – Bare minimum AWS Security Alerting
...
- AWS Security Workshops – A collection of the latest AWS Security workshops from AWS
- Serverless Security Workshop – In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. From AWS
- flAWS 2 Challenge – Teaches you AWS (Amazon Web Services) security concepts. The challenges are focused on AWS specific issues, so no buffer overflows, XSS, etc. Able to be attacker or defender for challenges.
- CI/CDon't – An active learning exercise where you plan the bad guy where your goal is to gain access to administrative credentials for an AWS account.
- https://github.com/avishayil/cdk-goat – Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure
- https://github.com/BishopFox/cloudfoxable – Create your own vulnerable by design AWS penetration testing playground
Other Compilations of Security Resources
...