cloud-security

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Free Security and Hacking eBooks

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

A Central Control Plane for AWS Permissions and Access

Cloud Exploitation Framework 云环境利用框架，方便安全人员在获得 AK 的后续工作

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

🛡️ Awesome Cloud Security Resources ⚔️

Automating situational awareness for cloud penetration tests.

Open-source platform for IT and security teams with thousands of computers. (Linux, macOS, Windows, ChromeOS, AWS, Google Cloud, Azure, data center, containers, IoT)

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

PacBot (Policy as Code Bot)

veinmind-tools 是由长亭科技自研，基于 veinmind-sdk 打造的容器安全工具集

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

awesome cloud security 收集一些国内外不错的云安全资源，该项目主要面向国内的安全人员

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your public cloud & SaaS environments with controls mapped to NIST CSF, 800-53, ISO 27001, AICPA TSC (SOC2), and more!