https://github.com/teamssix/awesome-cloud-security
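awesome cloud security: a collection of good cloud security resources from China and abroad. This project is mainly aimed at security practitioners in China.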
- Host: GitHub
- URL: https://github.com/teamssix/awesome-cloud-security
- Owner: teamssix
- License: apache-2.0
- Created: 2022-04-14T13:38:22.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-05-06T12:03:27.000Z (6 months ago)
- Last Synced: 2024-05-19T21:12:18.878Z (6 months ago)
- Topics: awesome, awesome-cloud-security, cloud-native, cloud-security, cloudnative, cloudsecurity, cybersecurity, docker, kubernetes, tools
- Homepage: https://wiki.teamssix.com/CloudSecurityResources/
- Size: 11 MB
- Stars: 1,601
- Watchers: 26
- Forks: 199
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- more-awesome - Cloud Security - Summary of Cloud Service Security and Cloud Native Security Resources. (Security)
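- ultimate-awesome - awesome-cloud-security - Awesome cloud security: a collection of good cloud security resources from China and abroad. This project is mainly aimed at security practitioners in China. (Other Lists / PowerShell Lists)
- awesome-hacking-lists - teamssix/awesome-cloud-security - awesome cloud security: a collection of good cloud security resources from China and abroad. This project is mainly aimed at security practitioners in China. (Others)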
README
Awesome Cloud Security: Cloud Security Resource Collection 💫
The Awesome Cloud Security project was split out of the T Wiki cloud security knowledge base. The T Wiki cloud security knowledge base contains my learning notes on cloud security and cloud security resources contributed by everyone. T Wiki cloud security knowledge base site: [wiki.teamssix.com](https://wiki.teamssix.com)
> Tip: hold the command key on Mac, or the ctrl key on Windows or Linux, then click a link to open it in a new tab
## 0x01 Resources :books:
### 1 General
* T Wiki cloud security knowledge base :fire: [Link](https://wiki.teamssix.com/)
* Hacking The Cloud (English) [Link](https://hackingthe.cloud/)
* Cloud Security Wiki By NotSoSecure (English) [Link](https://cloudsecwiki.com/index.html)
* Cloud Security Wiki By WithSecure (English) [Link](https://www.secwiki.cloud/) `Contributed by "Kagantua", thanks for the support`
* Cloud service vulnerability database (English) [Link](https://www.cloudvulndb.org/)
* Cloud security incidents of 2021 in review (English) [Link](https://blog.christophetd.fr/cloud-security-breaches-and-vulnerabilities-2021-in-review/)
* Cloud pentesting tips: HackTricks Cloud (English) [Link](https://cloud.hacktricks.xyz)
* Cloud Risk Encyclopedia (English) [Link](https://orca.security/resources/cloud-risk-encyclopedia/)
* Huoxian cloud security knowledge base [Link](https://cloudsec.huoxian.cn/)
* Cloud security docs (English) [Link](https://cloudsecdocs.com)
* Sysdig 2023 Global Cloud Threat Report (English) [Link](https://sysdig.com/blog/2023-global-cloud-threat-report)
* Cloud pentesting notes: CloudPentestCheatsheets (English) [Link](https://github.com/dafthack/CloudPentestCheatsheets) ![GitHub stars](https://img.shields.io/github/stars/dafthack/CloudPentestCheatsheets) `Contributed by "Kfzz1", thanks for the support`
* AWS attack knowledge base WeirdAAL (English) [Link](https://github.com/carnal0wnage/weirdAAL) ![GitHub stars](https://img.shields.io/github/stars/carnal0wnage/weirdAAL)
* T Wiki cloud security knowledge base project [Link](https://github.com/teamssix/TWiki) ![GitHub stars](https://img.shields.io/github/stars/teamssix/TWiki) `The T Wiki knowledge base is now open source and can be deployed locally for reading on an internal network`
* Introductory cloud security material [Link](https://github.com/Esonhugh/Attack_Code) ![GitHub stars](https://img.shields.io/github/stars/Esonhugh/Attack_Code)
* Cloud security guides [Link](https://github.com/GRQForCloud/cloud-security-guides) ![GitHub stars](https://img.shields.io/github/stars/GRQForCloud/cloud-security-guides)

### 2 Blogs and News
* 0xd4y blog (English) [Link](https://0xd4y.com/)
* Aqua blog (English) [Link](https://blog.aquasec.com/)
* AWS security bulletins (English) [Link](https://aws.amazon.com/security/security-bulletins)
* Bridgecrew blog (English) [Link](https://bridgecrew.io/blog/)
* Christophe Tafani-Dereeper blog (English) [Link](https://blog.christophetd.fr/)
* Chris Farris's personal blog (English) [Link](https://www.chrisfarris.com/)
* CIS Benchmarks download page (English) [Link](https://downloads.cisecurity.org)
* CNCF blog (English) [Link](https://www.cncf.io/blog/)
* Deepfence blog (English) [Link](https://deepfence.io/blog/)
* DevOps security blog (English) [Link](https://www.conjur.org/blog/)
* DevOps news (English) [Link](https://devops.com/)
* Ermetic blog (English) [Link](https://ermetic.com/blog)
* Gafnit Amiga's personal blog (English) [Link](https://gafnit.blog/)
* HashiCorp blog (English) [Link](https://www.hashicorp.com/blog)
* Humanitec blog (English) [Link](https://humanitec.com/blog)
* Lacework blog (English) [Link](https://www.lacework.com/blog/)
* Lightspin blog (English) [Link](https://blog.lightspin.io/)
* Mystic0x1 blog (English) [Link](https://mystic0x1.github.io/)
* Nick Frichette's personal blog (English) [Link](https://frichetten.com/)
* Orca blog (English) [Link](https://orca.security/resources/blog/)
* PeoplActive blog (English) [Link](https://peoplactive.com/blog/)
* Praetorian blog (English) [Link](https://www.praetorian.com/blog)
* Rhino Security Labs blog (English) [Link](https://rhinosecuritylabs.com/blog/?category=cloud-security)
* Sysdig cloud security reports and news (English) [Link](https://sysdig.com/resources/reports/)
* Sysdig blog (English) [Link](https://sysdig.com/blog/)
* TeamsSix's personal blog [Link](https://teamssix.com/)
* Trend Micro blog (English) [Link](https://www.trendmicro.com/en_us/devops.html)
* WIZ blog (English) [Link](https://www.wiz.io/blog/)
* Security Boulevard news (English) [Link](https://securityboulevard.com/cloud-security/)
* Forbes Cloud 100 (English) [Link](https://forbes.com/lists/cloud100/)
* Huoxian Security daily cloud security news [Link](https://cloudsec.huoxian.cn/docs/information)
* NSFOCUS technical blog [Link](http://blog.nsfocus.net/tag/%e4%ba%91%e5%ae%89%e5%85%a8/)
* Container Journal news (English) [Link](https://containerjournal.com/)
* Tencent Yunding daily cloud security news [Link](https://cloudsec.tencent.com/info/list.html)
* Cloud security news (updated weekly) (English) [Link](https://cloudseclist.com/past-issues)
* Cloud computing market news (English) [Link](https://interconnected.blog/tag/cloud-industry)
* Cloud Native Lab blog [Link](https://icloudnative.io) `Contributed by "DVKunion", thanks for the support`

### 3 WeChat Official Accounts
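* TeamsSix
* 火线 Zone
* 云鼎实验室
* 绿盟科技研究通讯
* 默安逐日实验室
* Linux 云计算网络 `Contributed by "zxynull", thanks for the support`
* 云原生技术社区 `Contributed by "zxynull", thanks for the support`
* 进击云原生 `Contributed by "zxynull", thanks for the support`
* CNCF
* 容器魔方
* 云计算D1net
* 云原生社区动态
* 大可不加冰
* 小佑科技 `Contributed by "宅独青年", thanks for the support`
* 喵苗安全 `Contributed by "Yaney", thanks for the support`

### 4 Twitter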
* 0xd4y [![Twitter Follow](https://img.shields.io/twitter/follow/0xd4y)](https://twitter.com/0xd4y)
* Andy Robbins [![Twitter Follow](https://img.shields.io/twitter/follow/_wald0)](https://twitter.com/_wald0)
* Beau Bullock [![Twitter Follow](https://img.shields.io/twitter/follow/dafthack)](https://twitter.com/dafthack)
* Chris Farris [![Twitter Follow](https://img.shields.io/twitter/follow/jcfarris)](https://twitter.com/jcfarris)
* Christophe Tafani-Dereeper [![Twitter Follow](https://img.shields.io/twitter/follow/christophetd)](https://twitter.com/christophetd)
* Dirk-jan [![Twitter Follow](https://img.shields.io/twitter/follow/_dirkjan)](https://twitter.com/_dirkjan)
* Dr. Nestori Syynimaa [![Twitter Follow](https://img.shields.io/twitter/follow/DrAzureAD)](https://twitter.com/DrAzureAD)
* Emilien Socchi [![Twitter Follow](https://img.shields.io/twitter/follow/emiliensocchi)](https://twitter.com/emiliensocchi)
* Fabian Bader [![Twitter Follow](https://img.shields.io/twitter/follow/fabian_bader)](https://twitter.com/fabian_bader)
* Fawaz [![Twitter Follow](https://img.shields.io/twitter/follow/0xFawaz)](https://twitter.com/0xFawaz)
* gafnit [![Twitter Follow](https://img.shields.io/twitter/follow/gafnitav)](https://twitter.com/gafnitav)
* inversecosᵘʷᵘ [![Twitter Follow](https://img.shields.io/twitter/follow/inversecos)](https://twitter.com/inversecos)
* Jason Ostrom [![Twitter Follow](https://img.shields.io/twitter/follow/securitypuck)](https://twitter.com/securitypuck)
* Joosua Santasalo [![Twitter Follow](https://img.shields.io/twitter/follow/SantasaloJoosua)](https://twitter.com/SantasaloJoosua)
* Karl [![Twitter Follow](https://img.shields.io/twitter/follow/kfosaaen)](https://twitter.com/kfosaaen)
* Kfzz1 [![Twitter Follow](https://img.shields.io/twitter/follow/Kfzz12)](https://twitter.com/Kfzz12)
* Liv Matan [![Twitter Follow](https://img.shields.io/twitter/follow/terminatorLM)](https://twitter.com/terminatorLM)
* Marco Lancini [![Twitter Follow](https://img.shields.io/twitter/follow/lancinimarco)](https://twitter.com/lancinimarco)
* Melvin langvik [![Twitter Follow](https://img.shields.io/twitter/follow/Flangvik)](https://twitter.com/Flangvik)
* Merill [![Twitter Follow](https://img.shields.io/twitter/follow/merill)](https://twitter.com/merill)
* mx7krshell [![Twitter Follow](https://img.shields.io/twitter/follow/mx7krshell)](https://twitter.com/mx7krshell)
* Nathan McNulty [![Twitter Follow](https://img.shields.io/twitter/follow/NathanMcNulty)](https://twitter.com/NathanMcNulty)
* Nick Frichette [![Twitter Follow](https://img.shields.io/twitter/follow/Frichette_n)](https://twitter.com/Frichette_n)
* Nikhil Mittal [![Twitter Follow](https://img.shields.io/twitter/follow/nikhil_mitt)](https://twitter.com/nikhil_mitt)
* Nir Ohfeld [![Twitter Follow](https://img.shields.io/twitter/follow/nirohfeld)](https://twitter.com/nirohfeld)
* Raunak Parmar [![Twitter Follow](https://img.shields.io/twitter/follow/trouble1_raunak)](https://twitter.com/trouble1_raunak)
* Rhino Security Labs [![Twitter Follow](https://img.shields.io/twitter/follow/RhinoSecurity)](https://twitter.com/RhinoSecurity)
* Roberto Rodriguez [![Twitter Follow](https://img.shields.io/twitter/follow/Cyb3rWard0g)](https://twitter.com/Cyb3rWard0g)
* rootsecdev [![Twitter Follow](https://img.shields.io/twitter/follow/rootsecdev)](https://twitter.com/rootsecdev)
* rvrsh3ll [![Twitter Follow](https://img.shields.io/twitter/follow/424f424f)](https://twitter.com/424f424f)
* Ryan Hausknecht [![Twitter Follow](https://img.shields.io/twitter/follow/Haus3c)](https://twitter.com/Haus3c)
* Sami Lamppu [![Twitter Follow](https://img.shields.io/twitter/follow/samilamppu)](https://twitter.com/samilamppu)
* Sean Metcalf [![Twitter Follow](https://img.shields.io/twitter/follow/PyroTek3)](https://twitter.com/PyroTek3)
* Seth Art [![Twitter Follow](https://img.shields.io/twitter/follow/sethsec)](https://twitter.com/sethsec)
* Shir Tamari [![Twitter Follow](https://img.shields.io/twitter/follow/shirtamari)](https://twitter.com/shirtamari)
* Simon Décosse [![Twitter Follow](https://img.shields.io/twitter/follow/simondotsh)](https://twitter.com/simondotsh)
* Skyworship [![Twitter Follow](https://img.shields.io/twitter/follow/Skyworship2)](https://twitter.com/Skyworship2)
* Thomas Naunheim [![Twitter Follow](https://img.shields.io/twitter/follow/Thomas_Live)](https://twitter.com/Thomas_Live)

### 5 Books
* 《云原生安全-攻防实践与体系构建》
* 《Hacking Kubernetes》
* 《Hands-On AWS Penetration Testing with Kali Linux》

### 6 Videos
* 0xd4y channel (English) [Link](https://www.youtube.com/@0xd4y)
* CNCF channel (English) [Link](https://youtube.com/@cncf)
* WIZ channel (English) [Link](https://www.youtube.com/@wizsecurity)
* Huoxian cloud security salon videos [Link](https://space.bilibili.com/503330419)

### 7 Certifications
* AWS Certified Security - Specialty [Link](https://aws.amazon.com/certification/certified-security-specialty/)
* AWS Certified Solutions Architect – Associate [Link](https://aws.amazon.com/cn/certification/certified-solutions-architect-associate/)
* Azure Fundamentals [Link](https://learn.microsoft.com/certifications/azure-fundamentals/)
* Azure Security Engineer Associate [Link](https://learn.microsoft.com/certifications/azure-security-engineer/)
* CompTIA Cloud+ [Link](https://www.comptia.org/certifications/cloud)
* GCP Professional Cloud Security Engineer [Link](https://cloud.google.com/learn/certification/cloud-security-engineer)
* GCP Associate Cloud Engineer [Link](https://cloud.google.com/learn/certification/cloud-engineer)
* Certified Kubernetes Security Specialist (CKS) [Link](https://training.linuxfoundation.org/certification/certified-kubernetes-security-specialist/)
* Certified Cloud Security Professional (CCSP) [Link](https://www.isc2.org/Certifications/CCSP)
* Alibaba Cloud Certified Professional (ACP) [Link](https://edu.aliyun.com/certification)
* Alibaba Cloud Certified Expert - Cloud Computing (ACE) [Link](https://edu.aliyun.com/certification/ace01)
* Alibaba Cloud Certified Associate (ACA) [Link](https://edu.aliyun.com/certification)

### 8 Cloud Service Articles
**General**
* A brief look at cloud attack and defense: the cloud server attack and defense matrix [Link](https://cloud.tencent.com/developer/article/1931560)
* A brief look at cloud attack and defense: a study of how object storage access policies are evaluated [Link](https://mp.weixin.qq.com/s/ncWGrMsIAvh9HEK1QC5IGQ)
* Security of basic public cloud components from a red team perspective [Link](https://mp.weixin.qq.com/s/r0DuASP6gH_48b5sJ1DCTw)
* Security of basic public cloud components from a red team perspective (part 2) [Link](https://mp.weixin.qq.com/s/lL32lywlrnuyhJkQk5NAEw)
* Analysis of the threats of public cloud IP reuse and methods of defense, paper (English) [Link](https://arxiv.org/pdf/2204.05122.pdf)
* 5 questions enterprises should ask before migrating to the public cloud [Link](http://www.d1net.com/cloud/news/574569.html)
* Cloud attack and defense: RED TEAMING FOR CLOUD [Link](http://avfisher.win/archives/1175)
* Notes on cloud attack and defense (continued) [Link](http://avfisher.win/archives/1331)
* The cloud isolation problem: PostgreSQL vulnerabilities affecting multiple cloud vendors (English) [Link](https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities)
* A study of common cloud services from the business-side attack and defense perspective [Link](https://mp.weixin.qq.com/s/2yaQ_W5K7BfmycMO2UcXJg)
* Advice and directions for learning cloud security (English) [Link](https://www.nojones.net/posts/breaking-into-cloudsec)
* 60 methods for cloud attacks (English) [Link](https://redteamrecipe.com/60-methods-for-cloud-attacksrtc0009) `Contributed by "程皮糖别皮", thanks for the support`
* Collection of cloud service security vulnerabilities [Link](https://github.com/hashishrajan/cloud-security-vulnerabilities) ![GitHub stars](https://img.shields.io/github/stars/hashishrajan/cloud-security-vulnerabilities)
* Lightspin's top 7 cloud attack paths of 2022 (English) [Link](https://github.com/lightspin-tech/lightspin-2022-top-7-attack-paths) ![GitHub stars](https://img.shields.io/github/stars/lightspin-tech/lightspin-2022-top-7-attack-paths)

**AWS**
* AWS S3 object storage attack and defense [Link](https://zone.huoxian.cn/d/907-aws-s3)
* AWS EC2 elastic compute service attack and defense [Link](https://zone.huoxian.cn/d/1022-aws-ec2)
* Runtime attacks against AWS Lambda [Link](https://mp.weixin.qq.com/s/duF1Z0EDC3n_G378Aq_XYA)
* Reading instance credentials via AWS RDS (English) [Link](https://blog.lightspin.io/aws-rds-critical-security-vulnerability)
* Reading instance credentials via AWS RDS (Chinese translation) [Link](https://zone.huoxian.cn/d/1141-aws-rdsaws)
* The 10 highest-risk AWS misconfigurations [Link](https://mp.weixin.qq.com/s/quIpapbkFNay0JtUK4wODQ)
* Viewing the permissions you hold in AWS [Link](https://wiki.teamssix.com/CloudService/IAM/list-attached-user-policies.html)
* AWS enumeration (part 1) (English) [Link](https://securitycafe.ro/2022/11/01/aws-enumeration-part-1/)
* When a 0day and access keys are combined in the cloud: responding to the SugarCRM 0day vulnerability (English) [Link](https://unit42.paloaltonetworks.com/sugarcrm-cloud-incident-black-hat/)
* Container escape via AWS's official hot patch for the log4j vulnerability (English) [Link](https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities/)
* Several ways to create backdoors in AWS (English) [Link](https://mystic0x1.github.io/posts/methods-to-backdoor-an-aws-account)
* AWS privilege escalation (English) [Link](https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation) ![GitHub stars](https://img.shields.io/github/stars/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation)

**Azure**
* Microsoft cloud object storage attack and defense [Link](https://zone.huoxian.cn/d/940)
* Microsoft cloud VM attack and defense [Link](https://zone.huoxian.cn/d/1083-vm)
* Azure Cloud Shell command injection stealing users' access tokens (English) [Link](https://blog.lightspin.io/azure-cloud-shell-command-injection-stealing-users-access-tokens)
* Azure resource collection project Awesome-Azure-Pentest [Link](https://github.com/Kyuu-Ji/Awesome-Azure-Pentest) ![GitHub stars](https://img.shields.io/github/stars/Kyuu-Ji/Awesome-Azure-Pentest) `Contributed by "橘子怪", thanks for the support`

**GCP**
* Google Cloud object storage attack and defense [Link](https://zone.huoxian.cn/d/931)
* Google Cloud Compute Engine attack and defense [Link](https://zone.huoxian.cn/d/1043-compute-engine)
* Google Cloud Shell command injection (English) [Link](https://bugra.ninja/posts/cloudshell-command-injection)
* GCP penetration testing notes (English) [Link](https://0xd4y.com/2022/10/01/GCP-Penetration-Testing-Notes/)

**Alibaba Cloud**
* Alibaba Cloud OSS object storage attack and defense [Link](https://zone.huoxian.cn/d/918-oss)
* Alibaba Cloud ECS attack and defense [Link](https://zone.huoxian.cn/d/1064-ecs)
* From a cloud server SSRF vulnerability to taking over your Alibaba Cloud console [Link](https://wiki.teamssix.com/CloudService/EC2/aliyun-console-takeover.html)
* How I used CF to break through his cloud internal network [Link](https://zone.huoxian.cn/d/1341-cf)
* Record of an unremarkable cloud attack and defense exercise [Link](https://zone.huoxian.cn/d/2557)
* Record of a simple field engagement in the "cloud" [Link](https://mp.weixin.qq.com/s/wi8CoNwdpfJa6eMP4t1PCQ)
* Notes on a real-world attack and defense engagement that broke through a cloud internal network [Link](https://zone.huoxian.cn/d/2766)

**Tencent Cloud**
* Tencent Cloud COS object storage attack and defense [Link](https://zone.huoxian.cn/d/949-cos)
* Tencent Cloud server attack and defense (CVM + lightweight application servers) [Link](https://zone.huoxian.cn/d/1028-cvm)

**Huawei Cloud**
* Huawei Cloud OBS object storage attack and defense [Link](https://zone.huoxian.cn/d/962-obs)
* Huawei Cloud ECS elastic cloud server attack and defense [Link](https://zone.huoxian.cn/d/1074-ecs)
* Huawei Cloud CTF cloud challenge: an unintended solution through hands-on k8s penetration [Link](https://annevi.cn/2020/12/21/%E5%8D%8E%E4%B8%BA%E4%BA%91ctf-cloud%E9%9D%9E%E9%A2%84%E6%9C%9F%E8%A7%A3%E4%B9%8Bk8s%E6%B8%97%E9%80%8F%E5%AE%9E%E6%88%98/)

### 9 Cloud Native Articles
**General**
* A record of cloud native vulnerability discovery and exploitation in red versus blue exercises [Link](https://security.tencent.com/index.php/blog/msg/183)
* CIS Benchmark manual (English) [Link](https://www.cisecurity.org/benchmark/kubernetes) `Contributed by "zhengjim", thanks for the support`
* A brief look at the Linux Cgroup mechanism [Link](https://zhuanlan.zhihu.com/p/81668069) `Contributed by "zxynull", thanks for the support`
* Ten considerations for securing cloud and containers (English) [Link](https://sysdig.com/blog/considerations-securing-cloud-containers/)
* CNCF Cloud Native Security Whitepaper v2 [Link](https://github.com/cncf/tag-security/tree/main/security-whitepaper/v2)
* awesome-cloud-native-security from Metarget [Link](https://github.com/Metarget/awesome-cloud-native-security) ![GitHub stars](https://img.shields.io/github/stars/Metarget/awesome-cloud-native-security)

**Docker**
* Summary of Docker escape techniques in privileged mode [Link](https://zone.huoxian.cn/d/1071-docker)
* A guide to detecting container escape methods (with detection script) [Link](https://zone.huoxian.cn/d/990)
* Docker core technologies and implementation principles [Link](https://draveness.me/docker/) `Contributed by "zxynull", thanks for the support`
* Container security checklist container-security-checklist [Link](https://github.com/krol3/container-security-checklist) ![GitHub stars](https://img.shields.io/github/stars/krol3/container-security-checklist) `Contributed by "zxynull", thanks for the support`

**Kubernetes**
* How I took control of kubernetes using gateway-api [Link](https://mp.weixin.qq.com/s/Y4F72s0JSyvjLBN3iNyUZg)
* A brief analysis of various unauthorized-access attack methods against k8s [Link](https://zone.huoxian.cn/d/1153-k8s)
* Cloud native: Kubernetes security [Link](https://forum.butian.net/share/1095)
* From RCE into the internal network to taking over K8s and escaping into the xx network [Link](https://mp.weixin.qq.com/s/UvjKHaVzhluc22trF46uBA)
* Kubernetes attack and defense from scratch [Link](https://github.com/neargle/my-re0-k8s-security) ![GitHub stars](https://img.shields.io/github/stars/neargle/my-re0-k8s-security)

**eBPF**
* Analysis and practice of container escape techniques using eBPF [Link](https://security.tencent.com/index.php/blog/msg/206) `Contributed by "zxynull", thanks for the support`
* Container escape and a hidden-account rootkit implemented with kernel-space eBPF programs [Link](https://www.cnxct.com/container-escape-in-linux-kernel-space-by-ebpf/?f=wb&continueFlag=0ba98c50fdecece390192b7dd4adf11d) `Contributed by "zxynull", thanks for the support`
* Implementing container runtime security with eBPF [Link](https://www.ebpf.top/post/ebpf_container_security/) `Contributed by "zxynull", thanks for the support`
* A first look at eBPF [Link](https://mp.weixin.qq.com/s/GvWKY4M5YvorC4JF2ztUvQ)

**Terraform**
* Terraform tutorial in Chinese [Link](https://lonegunmanb.github.io/introduction-terraform/)
* Getting started with Terraform and its role in cloud attack and defense [Link](https://wiki.teamssix.com/CloudNative/Terraform/terraform-introductory.html)

**APISIX**
* Analysis and reproduction of APISIX CVE-2022-29266 [Link](https://mp.weixin.qq.com/s/Un-9y_UhWDw9svHKb-JQVQ)

**CI/CD**
* CI/CD attack scenarios, KCon 2023 talk [Link](https://github.com/knownsec/KCon/blob/master/2023/CICD%E6%94%BB%E5%87%BB%E5%9C%BA%E6%99%AF.pdf) `Contributed by "宅独青年", thanks for the support`
## 0x02 Tools :hammer_and_wrench:
### 1 Cloud Service Tools
#### Auxiliary Tools
**General**
* Online search for cloud assets under a target website: recon.cloud [Link](https://recon.cloud/)
* Online multi-cloud management platform 行云管家 [Link](https://www.cloudbility.com/) `Contributed by "半人间丶", thanks for the support`
* Tool for finding AKs and other sensitive information: trufflehog [Link](https://github.com/trufflesecurity/trufflehog) ![GitHub stars](https://img.shields.io/github/stars/trufflesecurity/trufflehog)
* Multi-cloud baseline scanning tool ScoutSuite [Link](https://github.com/nccgroup/ScoutSuite) ![GitHub stars](https://img.shields.io/github/stars/nccgroup/ScoutSuite)
* Cloud security posture management tool CloudSploit [Link](https://github.com/aquasecurity/cloudsploit) ![GitHub stars](https://img.shields.io/github/stars/aquasecurity/cloudsploit) `Contributed by "da Vinci【达文西】", thanks for the support`
* Infrastructure relationship mapping tool Cartography [Link](https://github.com/lyft/cartography) ![GitHub stars](https://img.shields.io/github/stars/lyft/cartography)
* Multi-cloud object storage management tool qiniuClient [Link](https://github.com/willnewii/qiniuClient) ![GitHub stars](https://img.shields.io/github/stars/willnewii/qiniuClient) `Contributed by "半人间丶", thanks for the support`
* Cloud pentest information gathering tool cloudfox [Link](https://github.com/BishopFox/cloudfox) ![GitHub stars](https://img.shields.io/github/stars/BishopFox/cloudfox)
* Cloud service resource enumeration tool cloud_enum [Link](https://github.com/initstring/cloud_enum) ![GitHub stars](https://img.shields.io/github/stars/initstring/cloud_enum)
* Open source multi-cloud security compliance scanning platform RiskScanner [Link](https://github.com/riskscanner/riskscanner) ![GitHub stars](https://img.shields.io/github/stars/riskscanner/riskscanner) `Contributed by "想走安全的小白", thanks for the support`
* Multi-cloud object storage scanning tool Cloud-Bucket-Leak-Detection-Tools [Link](https://github.com/UzJu/Cloud-Bucket-Leak-Detection-Tools) ![GitHub stars](https://img.shields.io/github/stars/UzJu/Cloud-Bucket-Leak-Detection-Tools)
* Scanning tool for AWS and Azure: SkyArk [Link](https://github.com/cyberark/SkyArk) ![GitHub stars](https://img.shields.io/github/stars/cyberark/SkyArk)
* Enumeration of public cloud assets: CloudBrute [Link](https://github.com/0xsha/CloudBrute) ![GitHub stars](https://img.shields.io/github/stars/0xsha/CloudBrute)
* Multi-cloud asset collection tool cloudlist [Link](https://github.com/projectdiscovery/cloudlist) ![GitHub stars](https://img.shields.io/github/stars/projectdiscovery/cloudlist) `Contributed by "Kfzz1", thanks for the support`
* Privilege escalation path analysis tool PurplePanda [Link](https://github.com/carlospolop/PurplePanda) ![GitHub stars](https://img.shields.io/github/stars/carlospolop/PurplePanda)
* Cloud attack simulation tool Leonidas [Link](https://github.com/WithSecureLabs/leonidas) ![GitHub stars](https://img.shields.io/github/stars/WithSecureLabs/leonidas)
* Open source lightweight cloud management platform CloudExplorer Lite [Link](https://github.com/CloudExplorer-Dev/CloudExplorer-Lite) ![GitHub stars](https://img.shields.io/github/stars/CloudExplorer-Dev/CloudExplorer-Lite)
* Red team cloud operating system RedCloudOS [Link](https://github.com/RedTeamOperations/RedCloud-OS) ![GitHub stars](https://img.shields.io/github/stars/RedTeamOperations/RedCloud-OS)
* Cloud asset management tool cloudTools [Link](https://github.com/dark-kingA/cloudTools) ![GitHub stars](https://img.shields.io/github/stars/dark-kingA/cloudTools) `Contributed by "弱鸡", thanks for the support`
* Cloud service enumeration tool cloud service enum [Link](https://github.com/NotSoSecure/cloud-service-enum) ![GitHub stars](https://img.shields.io/github/stars/NotSoSecure/cloud-service-enum)

**AWS**
* Online search for public buckets: buckets.grayhatwarfare.com [Link](https://buckets.grayhatwarfare.com/)
* AWS documentation GPT tool [Link](https://www.awsdocsgpt.com)
* AWS S3 browser: S3 Browser [Link](https://s3browser.com) `Contributed by "Poker", thanks for the support`
* Local AWS environment deployment tool LocalStack [Link](https://github.com/localstack/localstack) ![GitHub stars](https://img.shields.io/github/stars/localstack/localstack) `Contributed by "Esonhugh", thanks for the support`
* Official AWS CLI tool [Link](https://github.com/aws/aws-cli) ![GitHub stars](https://img.shields.io/github/stars/aws/aws-cli)
* AWS environment analysis tool CloudMapper [Link](https://github.com/duo-labs/cloudmapper) ![GitHub stars](https://img.shields.io/github/stars/duo-labs/cloudmapper)
* S3 policy scanning tool S3Scanner [Link](https://github.com/sa7mon/S3Scanner) ![GitHub stars](https://img.shields.io/github/stars/sa7mon/S3Scanner)
* AWS IAM permission enumeration tool Principal Mapper [Link](https://github.com/nccgroup/PMapper) ![GitHub stars](https://img.shields.io/github/stars/nccgroup/PMapper)
* AWS IAM permission enumeration tool enumerate-iam [Link](https://github.com/andresriancho/enumerate-iam) ![GitHub stars](https://img.shields.io/github/stars/andresriancho/enumerate-iam)
* Secret scanning tool for public S3 buckets: S3cret Scanner [Link](https://github.com/Eilonh/s3crets_scanner) ![GitHub stars](https://img.shields.io/github/stars/Eilonh/s3crets_scanner)
* Audit tool for common AWS misconfigurations: YATAS [Link](https://github.com/padok-team/yatas) ![GitHub stars](https://img.shields.io/github/stars/padok-team/yatas)
* Tool for detecting dangling DNS records in multi-cloud environments: findmytakeover [Link](https://github.com/anirudhbiyani/findmytakeover) ![GitHub stars](https://img.shields.io/github/stars/anirudhbiyani/findmytakeover)
* Route53/CloudFront vulnerability assessment tool [Link](https://github.com/prevade/cloudjack) ![GitHub stars](https://img.shields.io/github/stars/prevade/cloudjack)
* Tool for analysing IAM permissions from CloudTrail logs: Cloudtrail2IAM [Link](https://github.com/carlospolop/Cloudtrail2IAM) ![GitHub stars](https://img.shields.io/github/stars/carlospolop/Cloudtrail2IAM)

**Azure**
* Official Azure CLI tool [Link](https://github.com/Azure/azure-cli) ![GitHub stars](https://img.shields.io/github/stars/Azure/azure-cli)
* Azure MFA detection tool [Link](https://github.com/dafthack/MFASweep) ![GitHub stars](https://img.shields.io/github/stars/dafthack/MFASweep)
* PowerShell administration module for Azure AD and Office 365: AADInternals [Link](https://github.com/Gerenios/AADInternals) ![GitHub stars](https://img.shields.io/github/stars/Gerenios/AADInternals)
* BloodHound data collection tool for Azure: AzureHound [Link](https://github.com/BloodHoundAD/AzureHound) ![GitHub stars](https://img.shields.io/github/stars/BloodHoundAD/AzureHound) `Contributed by "Kfzz1", thanks for the support`
* Azure AD information gathering tool AzureGraph [Link](https://github.com/JoelGMSec/AzureGraph) ![GitHub stars](https://img.shields.io/github/stars/JoelGMSec/AzureGraph) `Contributed by "Kfzz1", thanks for the support`

**GCP**
* Official GCP CLI tool [Link](https://cloud.google.com/sdk/gcloud/)
* GCP resource enumeration tool [Link](https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/gcp_enum)
* GCP attack surface resource enumeration tool [Link](https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/gcp_firewall_enum)
* GCP resource analysis tool Hayat [Link](https://github.com/DenizParlak/hayat) ![GitHub stars](https://img.shields.io/github/stars/DenizParlak/hayat)
* GCP IAM permission collection tool gcp-iam-collector [Link](https://github.com/marcin-kolda/gcp-iam-collector) ![GitHub stars](https://img.shields.io/github/stars/marcin-kolda/gcp-iam-collector)
* Google Workspace Directory Dump Tool [Link](https://github.com/RedTeamOperations/GoogleWorkspaceDirectoryDump) ![GitHub stars](https://img.shields.io/github/stars/RedTeamOperations/GoogleWorkspaceDirectoryDump)

**Alibaba Cloud**
* Official Alibaba Cloud OSS management tool [Link](https://github.com/aliyun/oss-browser) ![GitHub stars](https://img.shields.io/github/stars/aliyun/oss-browser) `Contributed by "半人间丶", thanks for the support`
* Official Alibaba Cloud CLI tool [Link](https://github.com/aliyun/aliyun-cli) ![GitHub stars](https://img.shields.io/github/stars/aliyun/aliyun-cli)

**Tencent Cloud**
* Tencent Cloud lightweight server management tool [Link](https://www.qqvps.com/d/1011) `Contributed by "tanger", thanks for the support`
* Official Tencent Cloud COS helper tool [Link](https://cosbrowser.cloud.tencent.com/) `Contributed by "Esonhugh", thanks for the support`
* Official Tencent Cloud CLI tool [Link](https://github.com/TencentCloud/tencentcloud-cli) ![GitHub stars](https://img.shields.io/github/stars/TencentCloud/tencentcloud-cli)

**Huawei Cloud**
* Official Huawei Cloud OBS management tool OBS Browser+ [Link](https://support.huaweicloud.com/browsertg-obs/obs_03_1003.html)

**Tianyi Cloud**
* Tianyi Cloud object storage connection tool [Link](https://www.ctyun.cn/document/10000101/10006768)

**QingCloud**
* Official QingCloud CLI tool [Link](https://docsv4.qingcloud.com/user_guide/development_docs/cli/install/install) `Contributed by "苏打养乐多", thanks for the support`
#### Exploitation Tools
**Multi-cloud**
* Alibaba Cloud/Tencent Cloud AK resource management tool [Link](https://github.com/wyzxxz/aksk_tool) ![GitHub stars](https://img.shields.io/github/stars/wyzxxz/aksk_tool) `Contributed by "Esonhugh", thanks for the support`
* AWS and GCP exploitation tool with a GUI: Vajra [Link](https://github.com/TROUBLE-1/Vajra) ![GitHub stars](https://img.shields.io/github/stars/TROUBLE-1/Vajra) `Contributed by "Kfzz1", thanks for the support`

**AWS**
* AWS all-in-one exploitation tool pacu [Link](https://github.com/RhinoSecurityLabs/pacu) ![GitHub stars](https://img.shields.io/github/stars/RhinoSecurityLabs/pacu)
* AWS pentest toolset aws-pentest-tools [Link](https://github.com/RhinoSecurityLabs/Security-Research/tree/master/tools/aws-pentest-tools) ![GitHub stars](https://img.shields.io/github/stars/RhinoSecurityLabs/Security-Research)
* AWS Lambda password spraying tool CredKing [Link](https://github.com/ustayready/CredKing) ![GitHub stars](https://img.shields.io/github/stars/ustayready/CredKing)
* Tool for exploiting leaked AWS AccessKeys: awsKeyTools [Link](https://github.com/Aabyss-Team/awsKeyTools) ![GitHub stars](https://img.shields.io/github/stars/Aabyss-Team/awsKeyTools) `Jointly contributed by "1derian" and "ShangRui-hash", thanks for the support`
* AWS penetration testing tool Endgame [Link](https://github.com/DavidDikker/endgame) ![GitHub stars](https://img.shields.io/github/stars/DavidDikker/endgame)
* AWS console takeover tool aws_consoler [Link](https://github.com/NetSPI/aws_consoler) ![GitHub stars](https://img.shields.io/github/stars/NetSPI/aws_consoler)
* AWS red team scripts Redboto [Link](https://github.com/ihamburglar/Redboto) ![GitHub stars](https://img.shields.io/github/stars/ihamburglar/Redboto)
* AWS domain controller shadow copy tool CloudCopy [Link](https://github.com/Static-Flow/CloudCopy) ![GitHub stars](https://img.shields.io/github/stars/Static-Flow/CloudCopy)

**Azure**
* Azure security assessment PowerShell toolkit MicroBurst [Link](https://github.com/NetSPI/MicroBurst) ![GitHub stars](https://img.shields.io/github/stars/NetSPI/MicroBurst)
* Azure red team tool Stormspotter [Link](https://github.com/Azure/Stormspotter) ![GitHub stars](https://img.shields.io/github/stars/Azure/Stormspotter) `Contributed by "da Vinci【达文西】", thanks for the support`
* Azure AD exploitation toolset ROADtools [Link](https://github.com/dirkjanm/ROADtools) ![GitHub stars](https://img.shields.io/github/stars/dirkjanm/ROADtools)
* Tool for enumerating, spraying and penetrating O365 AAD accounts: TeamFiltration [Link](https://github.com/Flangvik/TeamFiltration) ![GitHub stars](https://img.shields.io/github/stars/Flangvik/TeamFiltration)
* Azure JWT token manipulation toolset TokenTactics [Link](https://github.com/rvrsh3ll/TokenTactics) ![GitHub stars](https://img.shields.io/github/stars/rvrsh3ll/TokenTactics)
* Microsoft 365 security toolbox DCToolbox [Link](https://github.com/DanielChronlund/DCToolbox) ![GitHub stars](https://img.shields.io/github/stars/DanielChronlund/DCToolbox)
* Proof-of-concept script for phishing attacks that abuse the Microsoft 365 OAuth authorization flow: Microsoft365_devicePhish [Link](https://github.com/optiv/Microsoft365_devicePhish) ![GitHub stars](https://img.shields.io/github/stars/optiv/Microsoft365_devicePhish)
* Azure AD Identity Protection cookie replay testing tool [Link](https://github.com/jsa2/aadcookiespoof) ![GitHub stars](https://img.shields.io/github/stars/jsa2/aadcookiespoof)
* PowerShell tool for attacking Azure Function applications: FuncoPop [Link](https://github.com/NetSPI/FuncoPop) ![GitHub stars](https://img.shields.io/github/stars/NetSPI/FuncoPop)

**GCP**
* GCP exploitation toolset [Link](https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/gcp_misc)
* GCP bucket enumeration tool GCPBucketBrute [Link](https://github.com/RhinoSecurityLabs/GCPBucketBrute) ![GitHub stars](https://img.shields.io/github/stars/RhinoSecurityLabs/GCPBucketBrute)
* GCP IAM privilege escalation methods: GCP-IAM-Privilege-Escalation [Link](https://github.com/RhinoSecurityLabs/GCP-IAM-Privilege-Escalation) ![GitHub stars](https://img.shields.io/github/stars/RhinoSecurityLabs/GCP-IAM-Privilege-Escalation) `Contributed by "da Vinci【达文西】", thanks for the support`
* GCP token reuse tool [Link](https://github.com/RedTeamOperations/GCPTokenReuse) ![GitHub stars](https://img.shields.io/github/stars/RedTeamOperations/GCPTokenReuse)

**Google Workspace**
* Simple Workspace ATT&CK Tool - SWAT [Link](https://github.com/elastic/SWAT) ![GitHub stars](https://img.shields.io/github/stars/elastic/SWAT)

**Alibaba Cloud**
* Alibaba Cloud AccessKey exploitation tool aliyun-accesskey-Tools [Link](https://github.com/mrknow001/aliyun-accesskey-Tools) ![GitHub stars](https://img.shields.io/github/stars/mrknow001/aliyun-accesskey-Tools) `Contributed by "半人间丶", thanks for the support`
* Helper tool for Alibaba Cloud ECS and policy groups: alicloud-tools [Link](https://github.com/iiiusky/alicloud-tools) ![GitHub stars](https://img.shields.io/github/stars/iiiusky/alicloud-tools) `Contributed by "半人间丶", thanks for the support`
* Tool for exploiting leaked Alibaba Cloud AccessKeys: AliyunAccessKeyTools [Link](https://github.com/NS-Sp4ce/AliyunAccessKeyTools) ![GitHub stars](https://img.shields.io/github/stars/NS-Sp4ce/AliyunAccessKeyTools) `Contributed by "半人间丶", thanks for the support`

**Tencent Cloud**
* Tencent Cloud AccessKey exploitation tool Tencent_Yun_tools [Link](https://github.com/freeFV/Tencent_Yun_tools) ![GitHub stars](https://img.shields.io/github/stars/freeFV/Tencent_Yun_tools)
### 2 Cloud-Native Tools
#### Auxiliary Tools
**General**
* Open-source cloud-native security platform HummerRisk [Link](https://github.com/HummerRisk/HummerRisk) ![GitHub stars](https://img.shields.io/github/stars/HummerRisk/HummerRisk) `Contributed by 「Ma1tobiose」, thanks for the support`
* Open-source cloud-native security protection platform neuvector [Link](https://github.com/neuvector/neuvector) ![GitHub stars](https://img.shields.io/github/stars/neuvector/neuvector) `Contributed by 「Idle Life」, thanks for the support`
**Docker**
* A website for analyzing container images online, contains [Link](https://contains.dev/) `Contributed by 「zxynull」, thanks for the support`
* Container image analysis tool DIVE [Link](https://github.com/wagoodman/dive) ![GitHub stars](https://img.shields.io/github/stars/wagoodman/dive) `Contributed by 「zxynull」, thanks for the support`
* Image scanning tool trivy [Link](https://github.com/aquasecurity/trivy) ![GitHub stars](https://img.shields.io/github/stars/aquasecurity/trivy) `Contributed by 「zxynull」, thanks for the support`
* Static vulnerability scanner for container images Clair [Link](https://github.com/quay/clair) ![GitHub stars](https://img.shields.io/github/stars/quay/clair) `Contributed by 「zxynull」, thanks for the support`
* Checks best practices for containers deployed in production Docker_Bench_Security [Link](https://github.com/docker/docker-bench-security) ![GitHub stars](https://img.shields.io/github/stars/docker/docker-bench-security) `Contributed by 「zxynull」, thanks for the support`
* System visibility tool with native container support sysdig [Link](https://github.com/draios/sysdig) ![GitHub stars](https://img.shields.io/github/stars/draios/sysdig) `Contributed by 「zxynull」, thanks for the support`
* Docker image scanning tool Anchore [Link](https://github.com/anchore/syft/) ![GitHub stars](https://img.shields.io/github/stars/anchore/syft) `Contributed by 「zxynull」, thanks for the support`
* Docker static analysis tool Dagda [Link](https://github.com/eliasgranderubio/dagda/) ![GitHub stars](https://img.shields.io/github/stars/eliasgranderubio/dagda) `Contributed by 「zxynull」, thanks for the support`
* Container escape detection tool container-escape-check [Link](https://github.com/teamssix/container-escape-check) ![GitHub stars](https://img.shields.io/github/stars/teamssix/container-escape-check)
**Kubernetes**
* Terminal UI-based k8s cluster management tool k9s [Link](https://github.com/derailed/k9s) ![GitHub stars](https://img.shields.io/github/stars/derailed/k9s)
* k8s anomalous activity detection tool Falco [Link](https://github.com/falcosecurity/falco) ![GitHub stars](https://img.shields.io/github/stars/falcosecurity/falco) `Contributed by 「zxynull」, thanks for the support`
* CIS benchmark checking tool kube bench [Link](https://github.com/aquasecurity/kube-bench) ![GitHub stars](https://img.shields.io/github/stars/aquasecurity/kube-bench) `Contributed by 「zhengjim」, thanks for the support`
* k8s cluster security vulnerability discovery tool kube hunter [Link](https://github.com/aquasecurity/kube-hunter) ![GitHub stars](https://img.shields.io/github/stars/aquasecurity/kube-hunter) `Contributed by 「zhengjim」, thanks for the support`
* k8s cluster risky permissions scanning tool KubiScan [Link](https://github.com/cyberark/KubiScan) ![GitHub stars](https://img.shields.io/github/stars/cyberark/KubiScan) `Contributed by 「UzJu」, thanks for the support`
* k8s security risk detection tool StackRox [Link](https://github.com/stackrox/stackrox) [Tool introduction](https://www.stackrox.io/blog/open-source-stackrox-is-now-available/) ![GitHub stars](https://img.shields.io/github/stars/stackrox/stackrox) `Contributed by 「m4d3bug」, thanks for the support`
* k8s security audit tool kubestriker [Link](https://github.com/vchinnipilli/kubestriker) ![GitHub stars](https://img.shields.io/github/stars/vchinnipilli/kubestriker) `Contributed by 「zhengjim」, thanks for the support`
* kubectl-based red team k8s security assessment tool red kube [Link](https://github.com/lightspin-tech/red-kube) ![GitHub stars](https://img.shields.io/github/stars/lightspin-tech/red-kube) `Contributed by 「zhengjim」, thanks for the support`
* k8s debugging helper tool validkube [Link](https://github.com/komodorio/validkube) ![GitHub stars](https://img.shields.io/github/stars/komodorio/validkube)
**Terraform**
* Terraform visualization [Link](https://github.com/hieven/terraform-visual) ![GitHub stars](https://img.shields.io/github/stars/hieven/terraform-visual)
#### Exploitation Tools
* Container penetration toolkit CDK [Link](https://github.com/cdk-team/CDK) ![GitHub stars](https://img.shields.io/github/stars/cdk-team/CDK)
* Container security toolkit veinmind-tools [Link](https://github.com/chaitin/veinmind-tools) ![GitHub stars](https://img.shields.io/github/stars/chaitin/veinmind-tools)
* k8s penetration testing tool Peirates [Link](https://github.com/inguardians/peirates) ![GitHub stars](https://img.shields.io/github/stars/inguardians/peirates) `Contributed by 「Idle Life」, thanks for the support`
* Container penetration testing tool BOtB [Link](https://github.com/brompwnie/botb) ![GitHub stars](https://img.shields.io/github/stars/brompwnie/botb) `Contributed by 「Idle Life」, thanks for the support`
* Container exploitation tool CCAT [Link](https://github.com/RhinoSecurityLabs/ccat) ![GitHub stars](https://img.shields.io/github/stars/RhinoSecurityLabs/ccat) `Contributed by 「zhengjim」, thanks for the support`
## 0x03 Labs :dart:
### Cloud Service Labs
* Paid online lab platform that includes cloud security exercises, Attack Defense [Link](https://attackdefense.pentesteracademy.com/listing?labtype=cloud-services&subtype=cloud-services-amazon-s3)
* Free online AWS penetration testing labs, Free AWS Security Labs [Link](https://pentesting.cloud/) `Contributed by 「cr」, thanks for the support`
* Online multi-cloud penetration testing labs pwnedlabs [Link](https://pwnedlabs.io) `Contributed by 「RBPi」, thanks for the support`
* AWS lab deployment tool cloudgoat [Link](https://github.com/RhinoSecurityLabs/cloudgoat) ![GitHub stars](https://img.shields.io/github/stars/RhinoSecurityLabs/cloudgoat)
* AWS lab AWSGoat [Link](https://github.com/ine-labs/AWSGoat) ![GitHub stars](https://img.shields.io/github/stars/ine-labs/AWSGoat)
* Azure lab AzureGoat [Link](https://github.com/ine-labs/AzureGoat) ![GitHub stars](https://img.shields.io/github/stars/ine-labs/AzureGoat) `Contributed by 「Kfzz1」, thanks for the support`
* Multi-cloud lab setup tool TerraformGoat [Link](https://github.com/HuoCorp/TerraformGoat) ![GitHub stars](https://img.shields.io/github/stars/HuoCorp/TerraformGoat)
* AWS IAM lab IAM Vulnerable [Link](https://github.com/BishopFox/iam-vulnerable) ![GitHub stars](https://img.shields.io/github/stars/BishopFox/iam-vulnerable)
* GCP lab deployment tool GCPGoat [Link](https://github.com/ine-labs/GCPGoat) ![GitHub stars](https://img.shields.io/github/stars/ine-labs/GCPGoat) `Contributed by 「Kfzz1」, thanks for the support`
### Cloud-Native Labs
* WIZ K8s lab WIZ K8S LAN Party [Link](https://www.k8slanparty.com/) `Contributed by 「feng」, thanks for the support`
* k8s lab deployment tool Kubernetes Goat [Link](https://github.com/madhuakula/kubernetes-goat) ![GitHub stars](https://img.shields.io/github/stars/madhuakula/kubernetes-goat) `Contributed by 「UzJu」, thanks for the support`
* CI/CD lab deployment tool [Link](https://github.com/cider-security-research/cicd-goat) ![GitHub stars](https://img.shields.io/github/stars/cider-security-research/cicd-goat) `Contributed by 「Kfzz1」, thanks for the support`
* Cloud-native lab deployment tool metarget [Link](https://github.com/Metarget/metarget) ![GitHub stars](https://img.shields.io/github/stars/Metarget/metarget)
## Contributors :confetti_ball:
Thank you all for your support ~
TeamsSix
1derian
ShangRui-hash
半人间丶
UzJu
Idle Life
zhengjim
zxynull
m4d3bug
da Vinci【达文西】
tanger
想走安全的小白
Esonhugh
Kfzz1
cr
Ma1tobiose
DVKunion
苏打养乐多
橘子怪
宅独青年
弱鸡
RBPi
程皮糖别皮
Kagantua
feng
Poker
Yaney
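### Want to contribute? Open a PR against this project directly, or use the method described in the link on the right: [Contribution guide](https://wiki.teamssix.com/About/Contribute.html)
## Changelog :calendar:
The changelog of the T Wiki cloud security knowledge base records updates to both the Awesome Cloud Security project and the knowledge base; it can be viewed at [wiki.teamssix.com/Changelog](https://wiki.teamssix.com/Changelog).
Also, you are welcome to follow my personal WeChat official account: `TeamsSix`
Since you have read this far, why not leave a Star :star2: before you go ~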