Falco container plugin

ultralytics-clone for analyzing Ultralytics GitHub Actions exploit with Harden-Runner

#supply #chain #attack #detection

This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.

OpenSSF Scorecard - Security health metrics for Open Source

A container runtime written in Rust

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Testcontainers for Go is a Go package that makes it simple to create and clean up container-based dependencies for automated integration/smoke tests. The clean, easy-to-use API enables developers t…

GitHub Actions Pipeline Enumeration and Attack Tool

GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.

Proof-of-concept code for research into GitHub Actions Cache poisoning.

GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

Customizable Linux Persistence Tool for Security Research and Detection Engineering.

ASN / RPKI validity / BGP stats / IPv4v6 / Prefix / URL / ASPath / Organization / IP reputation / IP geolocation / IP fingerprinting / Network recon / lookup API server / Web traceroute server

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

⚙ DevSecOps Kubernetes Playground ("A Hacker's Guide to Kubernetes")

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

Welcome to the Meta Threat Research Indicator Repository, a dedicated resource for the sharing of Indicators of Compromise (IOCs) and other threat indicators with the external research community

Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.

macOS system monitor in your menu bar

🍯 T-Pot - The All In One Multi Honeypot Platform 🐝

This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

PoC and Detection for CVE-2024-21626

Azure Workload Identity full deployment with Terraform.

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Azure Data Exporter for BloodHound