diff --git a/Contribute.md b/Contribute.md index 9a8f53b..c126a08 100644 --- a/Contribute.md +++ b/Contribute.md @@ -1,13 +1,14 @@ # Contribution Guidelines -Together we can make it a better repo for all cybsecurity related important +Together we can make it a better repo for AWS Security related important references. So, please keep contributing hackers! -Please ensure your pull request follow to the below guidelines: - +**Please ensure your pull request follow to the below guidelines:** - Please make sure your suggestion is not duplicate. -- Do a pull request for suggestion by providing a Link and Description. -- Feel free to suggeset new categories and/or improvements to the existing one. +- Do a pull request for suggestion by providing a Link and Description. +- Add your contents at the end of the list under appropriate headings. +- Contents will be added on first come first serve basis. +- Feel free to suggest new categories and/or improvements to the existing one. - Feel free to share and comment - -Appreciate your contributions and thank you for the suggestions! + +*Appreciate your contributions and thank you for the suggestions!* diff --git a/README.md b/README.md index dbb1e85..459b2c4 100644 --- a/README.md +++ b/README.md @@ -5,27 +5,82 @@ Paid), Exploit, CTFs, Hacking Practices etc. which are obviously related to AWS _List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._ ## Books +1. Hands-On AWS Penetration Testing with Kali Linux by PackT +2. Mastering AWS Security by PackT +3. Security Best Practices on AWS by PackT +4. Cloud Security Automation +5. AWS Automation Cookbook + +## AWS Whitepapers +1. [AWS Security Best Practices](http://d0.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf) +2. [AWS Security Pillar](https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf) +3. [AWS Overview of Security Processes](https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf) +4. [NIST Cybersecurity Framework](https://d0.awsstatic.com/whitepapers/compliance/NIST_Cybersecurity_Framework_CSF.pdf) +5. [AWS Risk And Compliance](https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf) +6. [AWS Auditing Security Checklist](https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf) +7. [AWS HIPAA Compliance Whitepaper](https://d0.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf) ## Videos +1. [AWS Security by Design](https://www.youtube.com/watch?v=I1SwoKxB13c) - Youtube +2. [Account Security with IAM](https://www.youtube.com/watch?v=9CKsX6MOPDQ) - Youtube +3. [AWS re:Inforce 2019 Security Best Practices](https://www.youtube.com/watch?v=u6BCVkXkPnM) - Youtube +4. [AWS Cloud Security Playlist](https://www.youtube.com/watch?v=N4DdqAkeqD4&list=PLxzKY3wu0_FL4VDfuCohtikXTQNTvKQVX) - Youtube -## Online Tutorials/Blogs +## Online Tutorials/Blogs/Presentations +1. [AWS Security official blog](https://aws.amazon.com/blogs/security/) +2. [AWS in Plain English](https://expeditedsecurity.com/aws-in-plain-english/) +3. [Why the CIA trusts AWS](https://mediatemple.net/blog/tips/aws-building-blocks/) +4. [Fundamentals of AWS Security](https://www.slideshare.net/AmazonWebServices/fundamentals-of-aws-security) - Presentation from AWS +5. [Introduction to AWS Security](https://www.slideshare.net/AmazonWebServices/introduction-to-aws-security-131234529) - Presentation from AWS ## Online Courses (Paid/Free) - -## Podcasts - -## Conferences - -## Slideshare +1. [AWS Fundamentals: Address Security Risks](https://www.coursera.org/learn/aws-fundamentals-addressing-security-risk) - Coursera +2. [Cloud Computing Security](https://www.coursera.org/learn/cloud-computing-security) - Coursera +3. [AWS: Getting started with Cloud Security](https://www.edx.org/course/aws-getting-started-with-cloud-security) - EdX +4. [AWS Certified Security Specialty](https://www.udemy.com/course/aws-certified-security-specialty/) - Udemy by Zeal Vora +5. [AWS Certified Security Specialty](https://acloud.guru/learn/aws-certified-security-specialty) - From Acloud.guru +6. [AWS Advanced Security](https://www.udemy.com/course/aws-advanced-security/) - Udemy +7. [AWS for Architects: Advanced Security](https://www.linkedin.com/learning/aws-for-architects-advanced-security/) - Linkedin Learn by Lynn Langit +8. [Practical Event Driven Security with AWS](https://acloud.guru/learn/practical-event-driven-security-with-aws) - Acloud.guru +9. [Learning Path for AWS Security](https://learn.acloud.guru/learning-path/aws-security) - Nicely designed the learning path who wants to be an AWS Security Experts from Acloud.guru +10. [Cloud Hacking course](https://www.notsosecure.com/hacking-training/cloud-hacking/) - From NotSoSercure ## Tools of Trade +1. [AWS Security Products](https://aws.amazon.com/products/security/) +2. [Arsenal of AWS Security Tools](https://github.com/toniblyx/my-arsenal-of-aws-security-tools) - Collection of all security category tools and products +3. [AWS Security Automation](https://github.com/awslabs/aws-security-automation) - Collection of scripts and resources for DevSecOps and Automated Incident Response Security +4. [Security Monkey](https://github.com/Netflix/security_monkey) - Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time. +5. [truffleHog](https://github.com/dxa4481/truffleHog) - Searches through git repositories for high entropy strings and secrets, digging deep into commit history +6. [gitleaks](https://github.com/zricethezav/gitleaks) - Audit git repos for secrets +7. [AWS Security Benchmark](https://github.com/awslabs/aws-security-benchmark) - Open source demos, concept and guidance related to the AWS CIS Foundation framework. +8. [S3 Inspector](https://github.com/kromtech/s3-inspector) - Tool to check AWS S3 bucket permissions +9. [ScoutSuite](https://github.com/nccgroup/ScoutSuite) - Multi-Cloud Security Auditing Tool +10. [Prowler](https://github.com/toniblyx/prowler) - AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. +11. [AWS Vault](https://github.com/99designs/aws-vault) - A vault for securely storing and accessing AWS credentials in development environments +12. [AWS PWN](https://github.com/dagrz/aws_pwn) - A collection of AWS penetration testing junk +13. [Pacu](https://github.com/RhinoSecurityLabs/pacu) - AWS Penetration Testing Toolkits +14. [Zeus](https://github.com/DenizParlak/Zeus) - AWS Auditing and Hardening tool +15. [Cloud Mapper](https://github.com/duo-labs/cloudmapper) - Analyze your AWS environments (Python) -## Online Security Practice and CTFs +## Security Practice and CTFs +1. [AWS Well Architected Security Labs](https://wellarchitectedlabs.com/Security/README.html) +2. [Flaws to learn common mistakes in AWS through challenge](http://flaws.cloud/) +3. [Flaws2 focuses on AWS security concepts through various challenge levels](http://flaws2.cloud/) +4. [CloudGoat](https://github.com/RhinoSecurityLabs/cloudgoat) - Vulnerable by Design AWS infrastructure setup tool +5. [OWASP ServerlessGoat](https://github.com/OWASP/Serverless-Goat) - OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda serverless application maintained by OWASP for educational purposes. + +## AWS Security Breaches +1. [AWS Security breaches - 2017](https://www.sumologic.com/blog/aws-security-breaches-2017/) +2. [200 million voters data leak](https://www.skyhighnetworks.com/cloud-security-blog/latest-voter-data-leak-is-a-lesson-in-aws-security/) - A lesson in AWS Security +3. [Imperva blames data breach on Stolen AWS API keys](https://www.zdnet.com/article/imperva-blames-data-breach-on-stolen-aws-api-key/) +4. [Tesla's Amazon cloud account was hacked and used to mine cryptocurrency](https://www.businessinsider.in/finance/teslas-amazon-cloud-account-was-hacked-and-used-to-mine-cryptocurrency/articleshow/63003345.cms) +5. [10 worst Amazon S3 breaches](https://businessinsights.bitdefender.com/worst-amazon-breaches) +6. [Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3](https://www.darkreading.com/attacks-breaches/lion-air-the-latest-to-get-tripped-up-by-misconfigured-aws-s3-/d/d-id/1335864) ## Contributors [Please refer the guidelines at contribute.md for details](Contribute.md). -Thanks to the following folks who made contributions to this project. +Thanks to the following folks who made contributions to this project. **Get your name listed here**