Zach Gorman's starred repositories
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
terracognita
Reads from existing public and private cloud providers (reverse Terraform) and generates your infrastructure as code on Terraform configuration
terraform-provider-scaffolding-framework
Quick start repository for creating a Terraform provider using terraform-plugin-framework
s3-account-search
S3 Account Search
remediate-AWS-IMDSv1
Simple tool to identify and remediate the use of the AWS EC2 IMDSv1.
quiet-riot
Unauthenticated enumeration of AWS, Azure, and GCP Principals
aws-service-auth-reference
A JSON reference for AWS service authorization (IAM actions) and a Golang program for updating them.
CloudIntel
This repo contains IOC, malware and malware analysis associated with Public cloud
imdsv2_wall_of_shame
List of vendors that do not allow IMDSv2 enforcement
Responder-Windows
Responder Windows Version Beta
awskillswitch
Lambda function that streamlines containment of an AWS account compromise
terraform-docs
Generate documentation from Terraform modules in various output formats
gardening-starter-pack
Literally a rootkit. (LKM for Linux Kernels 4.14+)
LiME
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
GTFOBins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
awesome-privilege-escalation
A curated list of awesome privilege escalation