#Beacon
https://youtu.be/HlL2NZK5fVU?list=PLtZtNPs3fJyB37loFSAM5OD-IEnn18gu9
YouTube
Beginner to Advanced Bug Bounty Hunting Course | 2022
All my videos are for educational purposes, with bug bounty hunters and penetration testers in mind. YouTube, don't take down my videos 😉
Ethical hacking, web application hacking and bug bounty hunting
Follow me on Twitter = https://twitter.com/PhD_Security…
Forwarded from The Bug Bounty Hunter
Regulator: A unique method of subdomain enumeration
https://cramppet.github.io/regulator/index.html
Forwarded from Deleted Account
Удар_по_контейнерам_Пентестим_Docker_и_Kubernetes_в_облаке_Amazon.pdf
4 MB
Forwarded from GAFRAS
Облака_под_угрозой_Как_пентестить_инфру_в_AWS_—_Хакер.pdf
2.7 MB
Forwarded from beacon private!
#cicd #cicdsecurity #security
1. https://cloud.hacktricks.xyz/pentesting-ci-cd/pentesting-ci-cd-methodology
2. https://habr.com/ru/company/swordfish_security/blog/524490/
3. https://www.cidersecurity.io/blog/research/ppe-poisoned-pipeline-execution/?utm_source=github&utm_medium=github_page&utm_campaign=ci%2fcd%20goat_060422
4. https://github.com/cider-security-research/cicd-goat
5. https://wp.nyu.edu/dispatch/pentesting-for-your-ci-cd-pipeline/
6. https://www.invicti.com/blog/web-security/sensitive-data-exposure-public-web-assets-hidden-threat/
7. https://gist.github.com/reewardius/8391a02e7f16d6b25796ff3b1a95719b
8. https://github.com/aquasecurity/chain-bench
9. https://github.com/aquasecurity/chain-bench/blob/main/docs/CIS-Software-Supply-Chain-Security-Guide-v1.0.pdf
10. https://www.cidersecurity.io/top-10-cicd-security-risks/
11. https://www.techtarget.com/searchitoperations/tip/7-best-practices-to-ensure-your-CI-CD-pipelines-security
12. https://www.plutora.com/blog/7-most-important-ci-cd-security-best-practices-2022
13. https://t.me/k8security/424
14. https://t.me/k8security/725
15. https://gist.github.com/reewardius/03da47fb6b3c08063436c521a67c0373
16. https://gist.github.com/reewardius/87eecd50b81aa5a936301d261d0ebfcf
cloud.hacktricks.xyz
Pentesting CI/CD Methodology | HackTricks Cloud
#kubernetes #full #will_be_updated
Interesting talks:
1) https://www.youtube.com/watch?v=vTgQLzeBfRU&t=2119s
2) https://www.youtube.com/watch?v=fVqCAUJiIn0&t=1637s
3) https://www.youtube.com/watch?v=dxKpCO2dAy8
4) Kubernetes Goat - https://youtu.be/5ojho4L6Xfo
5) In Russian: https://youtu.be/MwVXWU324XY
6) https://youtu.be/Ek1oaGwfli0
7) https://youtu.be/PZBLOCSmeiA
8) https://youtu.be/JoLgVBTc73c
9) https://youtu.be/LtCx3zZpOfs
10) https://youtu.be/UdMFTdeAL1s
11) https://youtu.be/xDj4_ZI1Y9A
12) https://youtu.be/iD_klswHJQs
13) https://youtu.be/1w_t6mOaOq4
· https://microsoft.github.io/Threat-Matrix-for-Kubernetes/
· https://infosecwriteups.com/attacking-kubernetes-part-1-9192886b09c5
· https://labs.withsecure.com/publications/attacking-kubernetes-through-kubelet
· https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-1
· https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-2
· https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-3
· https://lobuhisec.medium.com/kubernetes-pentest-recon-checklist-tools-and-resources-30d8e4b69463
· https://madhuakula.com/content/attacking-and-auditing-docker-containers-using-opensource/
· https://cloudsecdocs.com/container_security/offensive/
· https://tbhaxor.com/container-breakout-part-1/
· https://habr.com/ru/company/flant/blog/465141/
· https://habr.com/ru/company/southbridge/blog/655409/
· https://habr.com/ru/company/southbridge/blog/507656/
· https://github.com/g3rzi/HackingKubernetes
· https://gitlab.com/pentest-tools/PayloadsAllTheThings/-/tree/master/Kubernetes
https://www.microsoft.com/en-us/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/
https://t.me/k8security/756
Course Youtube:
· https://www.youtube.com/@MrIntern/videos
· https://youtu.be/W1eiMWGZwKo
· https://www.youtube.com/@learnwithgvr
· https://www.youtube.com/@learnwithggs6888
HTB:
· https://0xdf.gitlab.io/2021/09/04/htb-unobtainium.html
· https://0xdf.gitlab.io/2022/02/14/htb-steamcloud.html
Goat:
· https://madhuakula.com/kubernetes-goat/
· https://madhuakula.com/content/attacking-and-auditing-docker-containers-using-opensource/
CloudTricks:
· https://cloud.hacktricks.xyz/pentesting-cloud/
CTF:
· https://hackernoon.com/capturing-all-the-flags-in-bsidessf-ctf-by-pwning-our-infrastructure-3570b99b4dd0
Tools:
https://github.com/inguardians/peirates
https://github.com/cdk-team/CDK
https://github.com/cyberark/kubesploit
https://github.com/aquasecurity/kube-hunter
https://github.com/aquasecurity/kube-bench
https://github.com/quarkslab/kdigger
https://github.com/kubescape/kubescape
https://github.com/controlplaneio/kubesec
https://github.com/brompwnie/botb
https://github.com/ctrsploit/ctrsploit
https://github.com/dev-sec/cis-kubernetes-benchmark
https://github.com/dev-sec/cis-docker-benchmark
https://github.com/deepfence/SecretScanner
https://github.com/GitGuardian/ggshield
https://github.com/hadolint/hadolint
https://github.com/goodwithtech/dockle
https://github.com/aquasecurity/trivy
https://github.com/stealthcopter/deepce
https://github.com/Ullaakut/Gorsair
https://github.com/anchore/grype
https://github.com/liamg/traitor
https://github.com/chen-keinan/kube-beacon
https://github.com/cyberark/kubernetes-rbac-audit
YouTube
Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman, Symantec
While Kubernetes offers new and exciting ways to deploy and scale container-based workloads in production, many organizations may not be aware of the security risks inherent…
Hi all, last week I was inspired by the idea of creating a dictionary using artificial intelligence. The old dictionaries in most projects were no longer finding anything, as they were as old as possible and no new wordlists were being added.
I present to you a dictionary that was 70% generated with OpenAI ChatGPT; the other 30% was taken from Bo0om (fuzz.txt) and other bughunters.
This dictionary contains configuration files ranging from development, frameworks, SCM, configuration for automated QA software to CNI plugins for Kubernetes.
The project is alive and will be actively supplemented and cleaned up.
https://github.com/reewardius/bbFuzzing.txt