magnologan

nodejs-goof

Super vulnerable todo list application

dockle

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

secure-code-game

A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.

amazon-ecs-agent

Amazon Elastic Container Service Agent

amazon-ssm-agent

An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).

appsec-challenges

This repo contains the code for my appsec challenges

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

aws-adfs

Command line tool to ease aws cli authentication against ADFS (multi factor authentication with active directory)

azure-pipelines-tasks

Tasks for Azure Pipelines

azuredisk-csi-driver

Azure Disk CSI Driver

azurefile-csi-driver

Azure File CSI Driver

cloudsplaining

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

grype

A vulnerability scanner for container images and filesystems

hackingthe.cloud

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

hadolint

Dockerfile linter, validate inline bash, written in Haskell

insecure-kubernetes-deployments

A full insecure kubernetes application for testing security tools

java-goof

JavaSerialKiller

Burp extension to perform Java Deserialization Attacks

kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

linux-malware

Tracking interesting Linux (and UNIX) malware. Send PRs

logging-log4j2

Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback's architecture.

malware-cryptominer-container

Container image with malware and crypto miner for testing purposes

microservices-demo

Sample cloud-native application with 10 microservices showcasing Kubernetes, Istio, gRPC and OpenCensus.

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

test-image

theia

Eclipse Theia is a cloud & desktop IDE framework implemented in TypeScript.

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

wrongsecrets

Examples with how to not use secrets

www-pdf-archive