Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-azure-security

A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.
https://github.com/kmcquade/awesome-azure-security

Last synced: 5 days ago
JSON representation

Training
- Awesome Azure Learning - azure-learning)](https://badgen.net/github/stars/ddneves/awesome-azure-learning)
- Awesome Azure Learning - azure-learning)](https://badgen.net/github/stars/ddneves/awesome-azure-learning)
- Azure AZ 500 Study Guide - AZ-500-Study-Guide)](https://badgen.net/github/stars/AzureMentor/Azure-AZ-500-Study-Guide)
- Azure AZ 500 Labs by Microsoft - AzureSecurityTechnologies)](https://badgen.net/github/stars/MicrosoftLearning/AZ500-AzureSecurityTechnologies)
- Breaking and Pwning Apps and Servers on AWS and Azure - and-pwning-apps-and-servers-aws-azure-training)](https://badgen.net/github/stars/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training)
Uncategorized
- Uncategorized
  - Azure security logging and auditing
  - Azure Security Center - Alerts Reference Guide
  - Nuking all Azure Resource Groups under all Azure Subscriptions - wide god-mode Service Principals to nuke an entire Azure environment.
  - Privilege Escalation and Lateral Movement on Azure
  - Privilege Escalation in Azure AD
  - Abusing Azure AD SSO with the Primary Refresh Token - long term tokens stored on your laptop or other AD connected resources - for Single Sign On (SSO) against on-prem and Azure AD connected resources. See Dirk-jan Mollema's blog goes over abusing these tokens, which you can access if you have code execution on a target or on your laptop that is Azure AD joined.
  - Detect Azure network configuration mistakes with visualization using Flow Logs and Traffic Analytics
  - Use Azure API Management and Keyvault to authorize based on API body values
  - BloodHound
  - ScoutSuite - Cloud Security auditing tool. [![stars](https://badgen.net/github/stars/nccgroup/ScoutSuite)](https://badgen.net/github/stars/nccgroup/ScoutSuite)
  - Steampipe - source benchmarks & dashboards for security & insights. [![stars](https://badgen.net/github/stars/turbot/steampipe)](https://badgen.net/github/stars/turbot/steampipe)
  - StormSpotter
  - MicroBurst
  - PowerZure
  - ROADrecon
  - Checkov
  - Terraform Compliance for Azure - mod-terraform-azure-compliance)](https://badgen.net/github/stars/turbot/steampipe-mod-terraform-azure-compliance)
  - DumpsterDiver
  - Azucar
  - tfsec
  - Attacking Azure Cloud Shell - account command execution and privilege escalation.

Programming Languages

Python 5 PowerShell 5 Go 2 CSS 1 Bicep 1 Pascal 1

Categories

Uncategorized 21 Training 5

Sub Categories

Uncategorized 21

Keywords

azure 8 security 5 aws 4 terraform 4 gcp 3 compliance 3 devops 3 azure-security 2 steampipe 2 kubernetes 2 static-analysis 2 devsecops 2 infrastructure-as-code 2 cloud 2 aws-security 2 powershell 1 infosec 1 windows 1 azure-active-directory 1 azuread 1 microsoft-graph 1 python 1 zero-etl 1 sqlite 1 postgresql-fdw 1 postgresql 1 golang 1 etl 1 cspm 1 cnapp 1 cis 1 auditing 1 vulnerability-scanners 1 terraform-security 1 scanner 1 misconfiguration 1 linter 1 google-cloud-platform 1 go 1 digitalocean 1 ci 1 pentesting 1 penetration-testing 1 opensource 1 free 1 application-security 1 study-guide 1 microsoft-azure-security 1 exam 1 azure-learning 1