Stars
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
High-performance QEMU memory and instruction tracing
A good-looking terminal emulator which mimics the old cathode display...
Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego
Linux Process Discovery. C Library, Go bindings, Runtime.
A reading list for software supply-chain security.
Quick and dirty demo for some Kubernetes hacking
Custom firmware for the HackRF+PortaPack H1/H2/H4
A collection of my Semgrep rules to facilitate vulnerability research.
Hardening a sketchy containerized application one step at a time
A collection of manifests that will create pods with elevated privileges.
Tool for auditing RBACs in Kubernetes
Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or ma…
Correlates serviceaccounts and pods to the permissions granted to them via rolebindings and clusterrolebindings.
A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
This is a step-by-step guide to implementing a DevSecOps program for any size organization
⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
Helping allocate resources to secure the critical open source projects we all depend on.
How to exploit a double free vulnerability in 2021. Use After Free for Dummies
insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.
Security Remediation Guides
Vulnerable Kustomize Kubernetes templates for training and education
🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!