README.md
8 additions & 1 deletion
@@ -46,6 +46,7 @@ And don't forget to **bookmark AWS Security bulletin** for new vulnerabilities n
46
46
20.[Security at the Edge: Core Principles](https://d1.awsstatic.com/whitepapers/Security/security-at-the-edge.pdf)
47
47
21.[AWS KMS Best Practices](https://d0.awsstatic.com/whitepapers/aws-kms-best-practices.pdf)
48
48
22.[Security Overview of AWS Fargate](https://d1.awsstatic.com/whitepapers/AWS_Fargate_Security_Overview_Whitepaper.pdf)
49
+
49
50
## Books
50
51
1.[Hands-On AWS Penetration Testing with Kali Linux by PackT](https://www.packtpub.com/virtualization-and-cloud/hands-aws-penetration-testing-kali-linux)
51
52
2.[Mastering AWS Security by PackT](https://www.packtpub.com/in/virtualization-and-cloud/mastering-aws-security)
@@ -103,7 +104,12 @@ And don't forget to **bookmark AWS Security bulletin** for new vulnerabilities n
103
104
24.[Orca Security Research Team Discovers AWS CloudFormation Vulnerability](https://orca.security/resources/blog/aws-cloudformation-vulnerability/)
104
105
25.[Orca Security Research Team Discovers AWS Glue Vulnerability](https://orca.security/resources/blog/aws-glue-vulnerability/)
105
106
26.[How I Discovered Thousands of Open Databases on AWS](https://infosecwriteups.com/how-i-discovered-thousands-of-open-databases-on-aws-764729aa7f32)
106
-
107
+
27.[CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client](https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/)
108
+
28.[Downloading and Exploring AWS EBS Snapshots](https://rhinosecuritylabs.com/aws/exploring-aws-ebs-snapshots/)
109
+
29.[Weaponizing AWS ECS Task Definitions to Steal Credentials From Running Containers](https://rhinosecuritylabs.com/aws/weaponizing-ecs-task-definitions-steal-credentials-running-containers/)
110
+
30.[Good Read on AWS IAM Privilege Escalation – Methods and Mitigation](https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/)
111
+
31.[One more on IAM Privilege Escalation](https://payatu.com/blog/mayank.arora/iam_privilege_escalation_attack)
112
+
32.*[A very good repo for learning IAM based vulnerabilities](https://github.com/BishopFox/iam-vulnerable)
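Review bot: Entry 32 has a stray `*` between the list number and the link (`32.*[A very good repo ...`), which will show up as a literal asterisk or open unintended emphasis in the rendered README; drop it so the line matches entries 27 to 31. The labels on 30 to 32 ("Good Read on ...", "One more on ...", "A very good repo ...") are editorial rather than descriptive, unlike the neighbouring entries, so consider using the linked pages' own titles. This hunk also removes the blank line at old line 106 while the other two hunks add blank lines before headings; check that the list is still separated from whatever follows it.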
@@ -149,6 +155,7 @@ And don't forget to **bookmark AWS Security bulletin** for new vulnerabilities n
149
155
14.[Cloud Mapper](https://github.com/duo-labs/cloudmapper) - Analyze your AWS environments (Python)
150
156
15.[ConsoleMe](https://github.com/Netflix/consoleme) - A Central Control Plane for AWS Permissions and Access
151
157
16.[AWS Firewall Factory](https://github.com/globaldatanet/aws-firewall-factory) - Deploy, update, and stage your WAFs while managing them centrally via FMS.
158
+
152
159
## Security Practices and CTFs
153
160
1.[AWS Well Architected Security Labs](https://wellarchitectedlabs.com/security/)
154
161
2.[Flaws to learn common mistakes in AWS through challenge](http://flaws.cloud/)