List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

Stock options, RSUs, taxes — read the latest edition: www.holloway.com/ec

Attack and defend active directory using modern post exploitation adversary tradecraft activity

PacBot (Policy as Code Bot)

Vulnerability Static Analysis for Containers

Python-based utility that uses supervised machine learning to detect phishing domains from the Certificate Transparency log network.

Automated network asset, email, and social media profile discovery and cataloguing.

An information security preparedness tool to do adversarial simulation.

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

Security Tool to Look For Interesting Files in S3 Buckets

Guide to using YubiKey for GnuPG and SSH

An evil RAT (Remote Administration Tool) for macOS / OS X.

AWS Least Privilege for Distributed, High-Velocity Deployment

Manage AWS EC2 SSH access with IAM

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

Lambda job in Python to automatically patch EC2 instances when an inspector assessment generates a CVE finding

Pentest Lab on OpenStack with Heat, Chef provisioning and Docker

Impacket is a collection of Python classes for working with network protocols.

A number of Recipes for AWS

Daemon to ban hosts that cause multiple authentication errors

Collection of the most common vulnerabilities found in iOS applications

Mac Media Keys for the Masses

Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics…

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

The Adaptive Security Testing Methodology (ASTM) provides context-adjusted testing methodologies based on factors such as time available to test, platform, technology stack, versions, plugins, modu…

The easiest, and most secure way to access and protect all of your infrastructure.

A binary authorization and monitoring system for macOS

Security Guide for Developers (实用性开发人员安全须知)

A Slack bot to add security info to messages containing URLs, hashes and IPs