{"id":45121,"url":"https://github.com/zer0-kr/awesome-DevOpsSec","name":"awesome-DevOpsSec","description":"Archiving for DevOpsSec resources","projects_count":64,"last_synced_at":"2026-06-08T13:00:35.940Z","repository":{"id":211380732,"uuid":"728978461","full_name":"zer0-kr/awesome-DevOpsSec","owner":"zer0-kr","description":"Archiving for DevOpsSec resources","archived":false,"fork":false,"pushed_at":"2026-03-01T15:04:15.000Z","size":106,"stargazers_count":20,"open_issues_count":1,"forks_count":5,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-22T22:51:06.672Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zer0-kr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-12-08T05:53:42.000Z","updated_at":"2026-03-01T15:04:18.000Z","dependencies_parsed_at":"2024-01-21T23:48:02.835Z","dependency_job_id":"383788f4-cf0e-4310-87e2-b28b7626cc9e","html_url":"https://github.com/zer0-kr/awesome-DevOpsSec","commit_stats":null,"previous_names":["zer0-kr/awesome-devopssec"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zer0-kr/awesome-DevOpsSec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zer0-kr%2Fawesome-DevOpsSec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zer0-kr%2Fawesome-DevOpsSec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zer0-kr%2Fawesome-DevOpsSec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zer0-kr%2Fawesome-DevOpsSec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zer0-kr","download_url":"https://codeload.github.com/zer0-kr/awesome-DevOpsSec/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zer0-kr%2Fawesome-DevOpsSec/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34063159,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"created_at":"2024-01-13T21:19:04.237Z","updated_at":"2026-06-08T13:00:35.940Z","primary_language":null,"list_of_lists":false,"displayable":true,"categories":["Resources","🎤 컨퍼런스","Tools","🚨 취약점 DB","📄 가이드 \u0026 문서","📰 아티클","기여하기","📝 블로그"],"sub_categories":["etc","Challenges","Documents","Articles","Trannings","Workshops","Blogs","Vulnerabilities","Conferences","AWS","Kubernetes"],"readme":"\u003cdiv align=\"center\"\u003e\n\n# 🔐 Awesome DevOpsSec\n\n[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)\n[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)\n[![Stars](https://img.shields.io/github/stars/zer0-kr/awesome-DevOpsSec?style=social)](https://github.com/zer0-kr/awesome-DevOpsSec)\n\n**AWS 및 Kubernetes 보안 리소스 큐레이션**\n\n블로그, 가이드, 아티클, 워크숍, 챌린지, 도구를 한곳에 모았습니다.\n\n\u003c/div\u003e\n\n\u003cbr\u003e\n\n---\n\n## 목차\n\n- [📝 블로그](#-블로그)\n- [📄 가이드 \u0026 문서](#-가이드--문서)\n- [📰 아티클](#-아티클)\n- [🧪 워크숍](#-워크숍)\n- [🚨 취약점 DB](#-취약점-db)\n- [🎤 컨퍼런스](#-컨퍼런스)\n- [🏴‍☠️ 챌린지 \u0026 CTF](#️-챌린지--ctf)\n- [📚 트레이닝](#-트레이닝)\n- [🛠️ 도구](#️-도구)\n- [🗂️ 기타](#️-기타)\n\n---\n\n## 📝 블로그\n\n#### 🇰🇷 한국어\n\n- [CloudNet@ Blog](https://gasidaseo.notion.site/gasidaseo/CloudNet-Blog-c9dfa44a27ff431dafdd2edacc8a1863) — 클라우드 네이티브 기술 블로그\n- [MR.ZERO](https://mr-zero.tistory.com/) — AWS 보안 및 DevOps 블로그\n\n#### 🇺🇸 English\n\n- [Rhino Security Labs Blog](https://rhinosecuritylabs.com/blog/?category=aws,cloud-security) — AWS 침투 테스트 전문 블로그\n- [Hacking The Cloud](https://hackingthe.cloud/) — 클라우드 공격 기법 백과사전\n- [HackTricks Cloud](https://cloud.hacktricks.xyz/pentesting-cloud/aws-security) — AWS 펜테스팅 가이드\n\n---\n\n## 📄 가이드 \u0026 문서\n\n#### AWS\n\n- [AWS 보안 점검 및 보안 설정 가이드](https://rogue-gouda-f87.notion.site/AWS-de0b5749d03b464ea2e555cba3974d0b) — 한국어 AWS 보안 점검 가이드\n- [CIS AWS Foundations Benchmark v2.0.0](https://downloads.cisecurity.org/#/) — CIS 벤치마크 표준\n- [AWS FSBP Standard](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html) — AWS Security Hub 기본 보안 모범 사례\n- [AWS Cloud Security Checklist](https://securitycipher.com/aws-security-checklist/) — AWS 보안 체크리스트\n- [Ultimate Guide to Incident Response in AWS](https://14518100.fs1.hubspotusercontent-na1.net/hubfs/14518100/Playbooks/Playbook_Ultimate%20Guide%20to%20Incident%20Response%20in%20AWS.pdf) — AWS 사고 대응 가이드 (PDF)\n\n#### Kubernetes\n\n- [CIS Kubernetes Benchmark v1.8.0](https://downloads.cisecurity.org/#/) — CIS K8s 벤치마크 표준\n- [Kubernetes Hardening Guide](https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF) — NSA/CISA K8s 하드닝 가이드 (PDF)\n- [K8s Security Checklist](https://kubernetes.io/docs/concepts/security/security-checklist/) — 공식 보안 체크리스트\n- [Securing a K8s Cluster](https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/) — 공식 클러스터 보안 가이드\n- [EKS Best Practices Guides](https://aws.github.io/aws-eks-best-practices/) — AWS EKS 보안 모범 사례\n\n---\n\n## 📰 아티클\n\n#### AWS\n\n- [My AWS Pentest Methodology](https://medium.com/@MorattiSec/my-aws-pentest-methodology-14c333b7fb58) — AWS 침투 테스트 방법론\n- [AWS IAM Privilege Escalation – Methods and Mitigation](https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/) — IAM 권한 상승 기법 및 대응\n- [Detailed Analysis of CloudDon](https://medium.com/s2wblog/detailed-analysis-of-clouddon-cloud-data-breach-of-korea-e-commerce-company-948c3a5df90d) — 한국 이커머스 클라우드 데이터 유출 분석\n- [How I was able to access millions of ID cards](https://sanggiero.com/posts/how-i-was-able-to-access-millions-id-cards-e-commerce/) — 이커머스 플랫폼 신분증 접근 사례\n\n#### Kubernetes\n\n- [K8s Standard Architecture (2024)](https://github.com/sysnet4admin/_Book_k8sInfra/blob/main/docs/k8s-stnd-arch/2024/2024-k8s-stnd-arch.pdf) — 2024년 K8s 표준 아키텍처 (PDF)\n- [15 Kubernetes Mistakes Side Effects Chart](https://media.licdn.com/dms/image/D5622AQEZwQUKLg0KxQ/feedshare-shrink_2048_1536/0/1692951628708) — K8s 실수 15가지 인포그래픽\n\n---\n\n## 🧪 워크숍\n\n#### AWS\n\n- [AWS WAF 공격 및 방어 실습](https://sessin.github.io/awswafhol/) — WAF 핸즈온 랩\n- [AWS Well Architected Labs - Security](https://wellarchitectedlabs.com/security/) — AWS 공식 보안 실습\n- [AWS Incident Response Playbooks Workshop](https://catalog.us-east-1.prod.workshops.aws/workshops/43742d64-6a5e-45ea-9339-cbb3fb26944e/en-US) — 사고 대응 플레이북 워크숍\n\n#### Kubernetes\n\n- [Amazon EKS Workshops](https://awskrug.github.io/eks-workshop/) — EKS 핸즈온 워크숍\n\n---\n\n## 🚨 취약점 DB\n\n- [CLOUDVULNDB](https://www.cloudvulndb.org/) — 클라우드 서비스 취약점 데이터베이스\n- [Public Cloud Security Breaches](https://www.breaches.cloud/) — 공개된 클라우드 보안 사고 모음\n- [Cloud Security Attacks](https://github.com/CyberSecurityUP/Cloud-Security-Attacks) — 클라우드 보안 공격 기법 정리\n- [aws-customer-security-incidents](https://github.com/ramimac/aws-customer-security-incidents) — AWS 고객 보안 사고 타임라인\n\n---\n\n## 🎤 컨퍼런스\n\n- [AWSKRUG Security Group](https://github.com/awskrug/security-group/tree/main) — AWS 한국 사용자 그룹 보안 모임\n- [AWS 리소스 허브](https://kr-resources.awscloud.com/) — AWS 한국 공식 리소스\n- [Kubernetes Security Best Practices](https://www.youtube.com/watch?v=wqsUfvRyYpw) — CNCF 공식 K8s 보안 발표 (YouTube)\n\n---\n\n## 🏴‍☠️ 챌린지 \u0026 CTF\n\n#### Goat 프로젝트\n\n- [CloudGoat](https://github.com/RhinoSecurityLabs/cloudgoat) — AWS 취약 환경 시뮬레이터\n- [KubernetesGoat](https://github.com/madhuakula/kubernetes-goat) — K8s 취약 환경 시뮬레이터\n- [TerraGoat](https://github.com/bridgecrewio/terragoat) — Terraform 취약 설정 모음\n\n#### IAM\n\n- [IAM Vulnerable](https://github.com/BishopFox/iam-vulnerable) — IAM 권한 상승 실습 환경\n- [The Big IAM Challenge](https://bigiamchallenge.com/challenge/1) — IAM 정책 분석 챌린지\n\n#### 테마별 게임\n\n- [S3 Game](http://s3game-level1.s3-website.us-east-2.amazonaws.com/level1.html) — S3 보안 게임\n- [EKS Game](https://eksclustergames.com/) — EKS 클러스터 해킹 게임\n- [K8s LAN Party](https://k8slanparty.com/) — K8s 네트워크 보안 게임\n\n#### Misconfigured\n\n- [flAWS](http://flaws.cloud/) — AWS 설정 오류 챌린지\n- [flAWS2](http://flaws2.cloud/) — flAWS 시즌 2 (공격자/방어자 시점)\n- [Sadcloud](https://github.com/nccgroup/sadcloud) — 의도적으로 취약한 AWS 인프라\n- [Vulnmachines](https://www.vulnmachines.com/index.php) — 클라우드 취약점 실습 플랫폼\n- [CI/CDon't](https://hackingthe.cloud/aws/capture_the_flag/cicdont/) — CI/CD 파이프라인 해킹 CTF\n\n---\n\n## 📚 트레이닝\n\n- [AWS Certified Security Specialty](https://www.udemy.com/course/ultimate-aws-certified-security-specialty/) — Udemy AWS 보안 자격증 강의\n- [Certified Kubernetes Security Specialist](https://www.youtube.com/watch?v=Jd_j2wruz6E\u0026list=PLpbwBK0ptssx38770vYNwZEuCeGNw54CH) — CKS 무료 강의 (YouTube)\n\n---\n\n## 🛠️ 도구\n\n#### AWS\n\n| 도구 | 설명 |\n|---|---|\n| [prowler](https://github.com/prowler-cloud/prowler) | AWS/Azure/GCP 보안 취약점 스캐너 |\n| [steampipe](https://github.com/turbot/steampipe) | API/서비스 데이터 직접 쿼리 (zero-ETL) |\n| [CloudSploit](https://github.com/aquasecurity/cloudsploit) | 클라우드 보안 형상 관리 (CSPM) |\n| [check_imds](https://github.com/zer0-kr/SecOpsTools/blob/main/aws/check_imds.py) | IMDSv1 사용 인스턴스 스캐너 |\n| [pacu](https://github.com/RhinoSecurityLabs/pacu) | AWS 익스플로잇 프레임워크 |\n| [my-arsenal-of-aws-security-tools](https://github.com/toniblyx/my-arsenal-of-aws-security-tools) | AWS 보안 오픈소스 도구 모음 |\n\n#### Kubernetes\n\n| 도구 | 설명 |\n|---|---|\n| [Trivy](https://github.com/aquasecurity/trivy) | 컨테이너/K8s 취약점·설정오류·시크릿 스캐너 |\n| [kube-bench](https://github.com/aquasecurity/kube-bench) | CIS K8s 벤치마크 준수 검사 |\n| [kube-hunter](https://github.com/aquasecurity/kube-hunter) | K8s 클러스터 보안 취약점 탐색 |\n| [managed-kubernetes-auditing-toolkit](https://github.com/DataDog/managed-kubernetes-auditing-toolkit) | EKS 보안 감사 도구 (DataDog) |\n| [Kubescape](https://github.com/kubescape/kubescape) | K8s 보안 플랫폼 (클러스터/CI·CD/IDE) |\n| [Falco](https://github.com/falcosecurity/falco) | 클라우드 네이티브 런타임 보안 |\n| [Clair](https://github.com/quay/clair) | 컨테이너 이미지 정적 취약점 분석 |\n\n---\n\n## 🗂️ 기타\n\n- [ATT\u0026CK](https://attack.mitre.org/) — MITRE 공격 기법 프레임워크\n- [D3FEND](https://d3fend.mitre.org/) — MITRE 방어 기법 프레임워크\n- [RE\u0026CT](https://atc-project.github.io/atc-react/) — 사고 대응 프레임워크\n\n---\n\n## 기여하기\n\n리소스 추가, 링크 수정, 카테고리 제안 등 어떤 기여든 환영합니다.\n\n**PR** 또는 **Issue**로 제안해 주세요.\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**이 리스트가 도움이 되었다면 스타를 눌러주세요!**\n\n[![Star on GitHub](https://img.shields.io/github/stars/zer0-kr/awesome-DevOpsSec?style=social)](https://github.com/zer0-kr/awesome-DevOpsSec)\n\n\u003c/div\u003e\n","projects_url":"https://awesome.ecosyste.ms/api/v1/lists/zer0-kr%2Fawesome-devopssec/projects"}