Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/cyberark/community

Information for the CyberArk contributor community
https://github.com/cyberark/community

community-guidelines conjbot-notify conjur-community-team contributors cyberark

Last synced: 3 months ago
JSON representation

Information for the CyberArk contributor community

Awesome Lists containing this project

README 

          
# CyberArk Commons



Welcome to the CyberArk Community!



Consider this your starting point for contributing to CyberArk code, documents, and getting involved

in discussion.



Here, you'll find both general and team-specific resources that will guide you through the process

of becoming a contributor to one of our open-source projects.



## Table of Contents



* [General Guidelines](#general-guidelines)

  + [Communicating](#communicating)

  + [Contributing](#contributing)

* [Group-Specific Guidelines](#group-specific-guidelines)

  + [CyberArk Conjur](#cyberark-conjur)

    - [What we do](#what-we-do-1)

    - [Projects we work on](#projects-we-work-on-1)

  + [CyberArk Labs](#cyberark-labs)

    - [What we do](#what-we-do-2)

    - [Projects we work on](#projects-we-work-on-2)



Table of contents generated with

markdown-toc



## General Guidelines



### Communicating

Start a conversation with us on [Discourse](https://discuss.cyberarkcommons.org/)! 



Our CyberArk Commons Discourse is where we share tips and tricks for using our products and tools,

updates on product changes and design conversations, discuss relevant blog posts and articles, and

answer your questions. Join us there to find out what we're thinking about - we'd be glad to have

you as part of our conversation! 



## Contributing

Many projects in our Github repositories encourage contribution, even this one! Our [contributor's

guide](CONTRIBUTING.md) contains information on:



  1. [Reporting an Issue](CONTRIBUTING.md/#reporting-an-issue)

  1. [Finding Issues to Work On](CONTRIBUTING.md/#finding-issues-to-work-on)

  1. [Working on Issues](CONTRIBUTING.md/#working-on-issues)

  1. [Submitting a Pull Request](CONTRIBUTING.md/#submitting-a-pull-request)



If you already know which project you'd like to work on, check out the [Group-Specific

Guidelines](#group-specific-guidelines) to learn more about additional tips and tricks as

you get started.



Questions? [Let's talk!](#communicating)



## Group-Specific Guidelines

CyberArk publishes many open source projects in https://github.com/cyberark - and there are a few

primary groups publishing this content who each may have slightly different guidelines for

contributing. In this section, you can learn more about the projects each group is working on and

read up on the contribution guidelines that are specific to each group.



### [CyberArk Conjur](Conjur/README.md)



#### What we do

At [Conjur Open Source](https://conjur.org/), we’re creating the tools to help you build

applications safely and securely - without having to be a security expert. From our flagship Conjur

server (a secret store and RBAC engine), to custom authenticators that make the [secret

zero](https://www.conjur.org/blog/avoiding-secret-zero-securely-introducing-secrets-with-conjur/)

problem a thing of the past, to Secretless Broker, which aims to make sure your apps never have to

worry about secrets again. 



#### Projects we work on 



Visit our [Conjur OSS Suite Landing Page](https://cyberark.github.io/conjur/) to view a full list of

our projects and find helpful resources for learning more about our approach to security!



### [CyberArk Labs](Labs/README.md)



#### What we do

The security research groups at CyberArk Labs are busy with studying the attack surface of common

and emerging technologies. We fuzz, poke, bypass, maneuver, misuse, escalate, hijack, deny service,

degrade, escape and exploit the technologies, and from time to time we share here new tools you can

use to detect vulnerabilities and identify threats; based on our research of course.



You can have a look at what we are currently working on right here -

https://www.cyberark.com/threat-research-blog/.



#### Projects we work on 

We have a variety of projects for analyzing threats and detecting vulnerabilities. Click the

dropdown below to view and browse them!



   View Projects 



Name                                                 | Description

----                                                 | -----------

[ACLight](https://github.com/cyberark/ACLight)       | A script for advanced discovery of Privileged Accounts - includes Shadow Admins.

[BlobHunter](https://github.com/cyberark/blobhunter) | A tool for finding exposed data in Azure Blob Storage.

[DLLSpy](https://github.com/cyberark/DLLSpy)         | DLL Hijacking Detection Tool 

[EasyPeasy](https://github.com/cyberark/EasyPeasy)   | Find accounts using common and default passwords in Active Directory. 

[KDSnap](https://github.com/cyberark/KDSnap)         | KDSnap is a DLL extension for WinDbg that integrates your debugger with your virtualization platform of choice.

[ketshash](https://github.com/cyberark/ketshash)     | A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs.

[Kubeletctl](https://github.com/cyberark/Kubeletctl) | A command line tool that implement kubelet's API.

[KubiScan](https://github.com/cyberark/KubiScan)     | A tool to scan Kubernetes cluster for risky permissions.

[Mystique](https://github.com/cyberark/Mystique)     | PowerShell module to play with Kerberos S4U extensions.

[NetRay](https://github.com/cyberark/NetRay)         | A modular, python tool that detects attacks against the Kerberos protocol. 

[PreCog](https://github.com/cyberark/PreCog)         | Discover "HotSpots" - potential spots for credentials theft.

[RiskySPN](https://github.com/cyberark/RiskySPN)     | Detect and abuse risky SPNs     

[shimit](https://github.com/cyberark/shimit)         | A tool that implements the Golden SAML attack

[SkyArk](https://github.com/cyberark/SkyArk)         | SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS.

[SkyWrapper](https://github.com/cyberark/SkyWrapper) | A tool for discovering suspicious creation forms and uses of temporary tokens in AWS.

[zBang](https://github.com/cyberark/zBang)           | zBang is a risk assessment tool that detects potential privileged account threats.