My Personal Wiki
My personal wiki
Trainings
Online Resources
Cryptography
Application Security
Mobile Security
Penetration Testing
Incident Response
Digital Forensics
Cloud Security
Cyber Threats
Hardware Security
Corporate Security
Blockchain
Startup Resources
Misc
By
tsondt
. Updated in 2022.
Cloud Security
https://github.com/RhinoSecurityLabs
https://rhinosecuritylabs.com/blog/
Amazon Web Services
Amazon
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
https://aws.amazon.com/security/security-resources/
https://www.google.com/search?q=site%3Aawsstatic.com+security
https://aws.amazon.com/compliance/resources/
https://aws.amazon.com/blogs/security/
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
https://www.youtube.com/user/AWSwebinars/
IR
https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/document-revisions.html
https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf
[
mirror
]
https://github.com/open-guides/og-aws
http://flaws.cloud/
http://flaws2.cloud/
Netflix
https://github.com/Netflix/security_monkey
https://github.com/Netflix-Skunkworks/aardvark
https://github.com/Netflix/Repokid
https://github.com/toniblyx/prowler
https://github.com/duo-labs/cloudmapper
https://github.com/RhinoSecurityLabs/cloudgoat
https://github.com/RhinoSecurityLabs/pacu
https://github.com/aquasecurity/cloud-security-remediation-guides
https://github.com/aquasecurity/cloudsploit
https://github.com/nccgroup/ScoutSuite
https://andresriancho.github.io/nimbostratus/
https://github.com/dagrz/aws_pwn
https://blog.cloudsploit.com/privilege-escalation-in-amazon-web-services-cb4837365958
https://www.cyberark.com/resources/threat-research-blog/the-cloud-shadow-admin-threat-10-permissions-to-protect
https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
https://rhinosecuritylabs.com/aws/escalating-aws-iam-privileges-undocumented-codestar-api/
https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation-part-2/
Google Cloud Platform
https://github.com/nccgroup/G-Scout
Google
Cloud Security Command Center
https://cloud.google.com/blog/products/identity-security/5-steps-to-improve-your-cloud-security-posture-with-cloud-security-command-center
https://cloud.google.com/blog/products/identity-security/catch-web-app-vulnerabilities-before-they-hit-production-with-cloud-web-security-scanner
https://cloud.google.com/blog/products/identity-security/3-steps-to-detect-and-remediate-security-anomalies-with-cloud-anomaly-detection
https://cloud.google.com/blog/products/identity-security/detect-and-respond-to-high-risk-threats-in-your-logs-with-google-cloud
https://cloud.google.com/blog/products/identity-security/4-steps-to-stop-data-exfiltration-with-google-cloud
https://cloud.google.com/blog/products/identity-security/find-and-fix-misconfigurations-in-your-google-cloud-resources
https://cloud.google.com/blog/topics/kubernetes-best-practices
https://cloud.google.com/security/beyondprod/
https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/
https://github.com/RhinoSecurityLabs/GCP-IAM-Privilege-Escalation
https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/
https://rhinosecuritylabs.com/cloud-security/privilege-escalation-google-cloud-platform-part-2/
https://rhinosecuritylabs.com/gcp/google-cloud-platform-gcp-bucket-enumeration/
Microsoft Azure
Containers
https://cloud.google.com/blog/search;query=exploring%20container%20security;paginate=25;order=newest
https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/
Docker
https://docs.docker.com/engine/security/security/
https://sysdig.com/blog/20-docker-security-tools/
https://www.docker.com/sites/default/files/WP_IntrotoContainerSecurity_08.19.2016.pdf
https://medium.com/@ewindisch/on-the-security-of-containers-2c60ffe25a9e
https://www.nccgroup.trust/us/our-research/understanding-and-hardening-linux-containers/
https://www.nccgroup.trust/us/our-research/abusing-privileged-and-unprivileged-linux-containers/
https://www.blackhat.com/docs/eu-15/materials/eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments.pdf
https://www.blackhat.com/docs/eu-15/materials/eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments-wp.pdf
https://dadario.com.br/courses/docker-security-fundamentals/
Kubernetes
https://kubernetes.io/docs/reference/access-authn-authz/
https://blog.sqreen.com/kubernetes-security-best-practices/
https://sysdig.com/blog/33-kubernetes-security-tools/
https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1541608899.pdf
https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hacked/
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
https://kubernetes.io/blog/2018/04/04/fixing-subpath-volume-vulnerability/
https://suraj.io/post/cve-2017-1002101-subpath-volume-mount-recreate/
https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/
https://cdn2.hubspot.net/hubfs/1665891/Assets/Kubernetes%20Security%20-%20Operating%20Kubernetes%20Clusters%20and%20Applications%20Safely.pdf
https://kubernetes.io/blog/2016/08/security-best-practices-kubernetes-deployment/
https://github.com/trailofbits/audit-kubernetes