lightspin-2022-top-7-attack-paths
Cloud Attack Paths
Compiles research on cloud security trends and attack paths
Based on Lightspin proprietary data, research, and our tracking of cloud security trends in the market, our research team has compiled a list of the 2022 Top 7 Cloud Attack Paths across AWS, Azure, GCP, and Kubernetes as seen on the Lightspin Cloud Native Application Protection Platform.
39 stars
2 watching
1 forks
last commit: over 2 years ago
Linked from 1 awesome list
attack-pathsattack-surfaceaws-securityawssecurityazure-securityazuresecuritycloud-securitycloudsecuritygcp-securitymitre-attackttps
teamssix/awesome-cloud-securityRelated projects:
| Repository | Description | Stars |
|---|---|---|
 hashishrajan/cloud-security-vulnerabilities | Lists publicly disclosed vulnerabilities in various cloud services. | 357 |
 sergiomarotco/azure-devops-server-supply-chain-attack-tree | An attack tree model for identifying potential security vulnerabilities in an Azure DevOps Server supply chain. | 7 |
 prevade/cloudjack | Checks AWS accounts for subdomain hijacking vulnerabilities | 84 |
 esonhugh/attack_code | An introductory article on cloud security and development, covering various aspects of cloud computing, including infrastructure, storage, deployment, and security. | 535 |
 datadog/stratus-red-team | Provides a tool to emulate offensive attack techniques in the cloud | 1,825 |
 jlopp/physical-bitcoin-attacks | Compiles known physical attacks on Bitcoin and cryptocurrency owners | 577 |
 salesforce/cloudsplaining | A tool that scans AWS IAM policies to identify security vulnerabilities and generates a report with recommendations for remediation | 1,998 |
 cloud-architekt/azuread-attack-defense | A collection of attack scenarios and mitigation strategies for Microsoft Entra ID | 2,149 |
 sukkaw/cloudflare-block-bad-bot-ruleset | Protects websites from malicious crawlers and bots by filtering out suspicious traffic based on user-agent information | 209 |
 bishopfox/smogcloud | Automatically identifies and monitors cloud assets exposed to the internet without authorization | 332 |
 sbasu7241/aws-threat-simulation-and-detection | This repository documents the simulation and detection of various AWS attack scenarios using Stratus Red Team and SumoLogic for logging and analysis. | 282 |
 aquasecurity/cloudsploit | A tool designed to detect security risks in cloud infrastructure accounts | 3,355 |
 someengineering/fixinventory | Tools to identify and remove critical risks in cloud infrastructure accounts by analyzing metadata from APIs of various cloud services | 1,608 |
 azure/stormspotter | A tool for analyzing and visualizing Azure objects to help security teams understand potential attack surfaces. | 1,546 |
 dark-kinga/cloudtools | A cloud asset management tool for detecting and managing cloud security vulnerabilities in various cloud services | 902 |