Updated README with the contents

This commit is contained in:
jassi 2019-12-30 23:35:32 +05:30
parent a9ae5de49a
commit 23ebb6b9d9
2 changed files with 72 additions and 16 deletions

View File

@ -1,13 +1,14 @@
# Contribution Guidelines # Contribution Guidelines
Together we can make it a better repo for all cybsecurity related important Together we can make it a better repo for AWS Security related important
references. So, please keep contributing hackers! references. So, please keep contributing hackers!
Please ensure your pull request follow to the below guidelines: **Please ensure your pull request follow to the below guidelines:**
- Please make sure your suggestion is not duplicate. - Please make sure your suggestion is not duplicate.
- Do a pull request for suggestion by providing a Link and Description. - Do a pull request for suggestion by providing a Link and Description.
- Feel free to suggeset new categories and/or improvements to the existing one. - Add your contents at the end of the list under appropriate headings.
- Contents will be added on first come first serve basis.
- Feel free to suggest new categories and/or improvements to the existing one.
- Feel free to share and comment - Feel free to share and comment
Appreciate your contributions and thank you for the suggestions! *Appreciate your contributions and thank you for the suggestions!*

View File

@ -5,22 +5,77 @@ Paid), Exploit, CTFs, Hacking Practices etc. which are obviously related to AWS
_List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._ _List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._
## Books ## Books
1. Hands-On AWS Penetration Testing with Kali Linux by PackT
2. Mastering AWS Security by PackT
3. Security Best Practices on AWS by PackT
4. Cloud Security Automation
5. AWS Automation Cookbook
## AWS Whitepapers
1. [AWS Security Best Practices](http://d0.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf)
2. [AWS Security Pillar](https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf)
3. [AWS Overview of Security Processes](https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf)
4. [NIST Cybersecurity Framework](https://d0.awsstatic.com/whitepapers/compliance/NIST_Cybersecurity_Framework_CSF.pdf)
5. [AWS Risk And Compliance](https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf)
6. [AWS Auditing Security Checklist](https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf)
7. [AWS HIPAA Compliance Whitepaper](https://d0.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf)
## Videos ## Videos
1. [AWS Security by Design](https://www.youtube.com/watch?v=I1SwoKxB13c) - Youtube
2. [Account Security with IAM](https://www.youtube.com/watch?v=9CKsX6MOPDQ) - Youtube
3. [AWS re:Inforce 2019 Security Best Practices](https://www.youtube.com/watch?v=u6BCVkXkPnM) - Youtube
4. [AWS Cloud Security Playlist](https://www.youtube.com/watch?v=N4DdqAkeqD4&list=PLxzKY3wu0_FL4VDfuCohtikXTQNTvKQVX) - Youtube
## Online Tutorials/Blogs ## Online Tutorials/Blogs/Presentations
1. [AWS Security official blog](https://aws.amazon.com/blogs/security/)
2. [AWS in Plain English](https://expeditedsecurity.com/aws-in-plain-english/)
3. [Why the CIA trusts AWS](https://mediatemple.net/blog/tips/aws-building-blocks/)
4. [Fundamentals of AWS Security](https://www.slideshare.net/AmazonWebServices/fundamentals-of-aws-security) - Presentation from AWS
5. [Introduction to AWS Security](https://www.slideshare.net/AmazonWebServices/introduction-to-aws-security-131234529) - Presentation from AWS
## Online Courses (Paid/Free) ## Online Courses (Paid/Free)
1. [AWS Fundamentals: Address Security Risks](https://www.coursera.org/learn/aws-fundamentals-addressing-security-risk) - Coursera
## Podcasts 2. [Cloud Computing Security](https://www.coursera.org/learn/cloud-computing-security) - Coursera
3. [AWS: Getting started with Cloud Security](https://www.edx.org/course/aws-getting-started-with-cloud-security) - EdX
## Conferences 4. [AWS Certified Security Specialty](https://www.udemy.com/course/aws-certified-security-specialty/) - Udemy by Zeal Vora
5. [AWS Certified Security Specialty](https://acloud.guru/learn/aws-certified-security-specialty) - From Acloud.guru
## Slideshare 6. [AWS Advanced Security](https://www.udemy.com/course/aws-advanced-security/) - Udemy
7. [AWS for Architects: Advanced Security](https://www.linkedin.com/learning/aws-for-architects-advanced-security/) - Linkedin Learn by Lynn Langit
8. [Practical Event Driven Security with AWS](https://acloud.guru/learn/practical-event-driven-security-with-aws) - Acloud.guru
9. [Learning Path for AWS Security](https://learn.acloud.guru/learning-path/aws-security) - Nicely designed the learning path who wants to be an AWS Security Experts from Acloud.guru
10. [Cloud Hacking course](https://www.notsosecure.com/hacking-training/cloud-hacking/) - From NotSoSercure
## Tools of Trade ## Tools of Trade
1. [AWS Security Products](https://aws.amazon.com/products/security/)
2. [Arsenal of AWS Security Tools](https://github.com/toniblyx/my-arsenal-of-aws-security-tools) - Collection of all security category tools and products
3. [AWS Security Automation](https://github.com/awslabs/aws-security-automation) - Collection of scripts and resources for DevSecOps and Automated Incident Response Security
4. [Security Monkey](https://github.com/Netflix/security_monkey) - Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
5. [truffleHog](https://github.com/dxa4481/truffleHog) - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
6. [gitleaks](https://github.com/zricethezav/gitleaks) - Audit git repos for secrets
7. [AWS Security Benchmark](https://github.com/awslabs/aws-security-benchmark) - Open source demos, concept and guidance related to the AWS CIS Foundation framework.
8. [S3 Inspector](https://github.com/kromtech/s3-inspector) - Tool to check AWS S3 bucket permissions
9. [ScoutSuite](https://github.com/nccgroup/ScoutSuite) - Multi-Cloud Security Auditing Tool
10. [Prowler](https://github.com/toniblyx/prowler) - AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.
11. [AWS Vault](https://github.com/99designs/aws-vault) - A vault for securely storing and accessing AWS credentials in development environments
12. [AWS PWN](https://github.com/dagrz/aws_pwn) - A collection of AWS penetration testing junk
13. [Pacu](https://github.com/RhinoSecurityLabs/pacu) - AWS Penetration Testing Toolkits
14. [Zeus](https://github.com/DenizParlak/Zeus) - AWS Auditing and Hardening tool
15. [Cloud Mapper](https://github.com/duo-labs/cloudmapper) - Analyze your AWS environments (Python)
## Online Security Practice and CTFs ## Security Practice and CTFs
1. [AWS Well Architected Security Labs](https://wellarchitectedlabs.com/Security/README.html)
2. [Flaws to learn common mistakes in AWS through challenge](http://flaws.cloud/)
3. [Flaws2 focuses on AWS security concepts through various challenge levels](http://flaws2.cloud/)
4. [CloudGoat](https://github.com/RhinoSecurityLabs/cloudgoat) - Vulnerable by Design AWS infrastructure setup tool
5. [OWASP ServerlessGoat](https://github.com/OWASP/Serverless-Goat) - OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda serverless application maintained by OWASP for educational purposes.
## AWS Security Breaches
1. [AWS Security breaches - 2017](https://www.sumologic.com/blog/aws-security-breaches-2017/)
2. [200 million voters data leak](https://www.skyhighnetworks.com/cloud-security-blog/latest-voter-data-leak-is-a-lesson-in-aws-security/) - A lesson in AWS Security
3. [Imperva blames data breach on Stolen AWS API keys](https://www.zdnet.com/article/imperva-blames-data-breach-on-stolen-aws-api-key/)
4. [Tesla's Amazon cloud account was hacked and used to mine cryptocurrency](https://www.businessinsider.in/finance/teslas-amazon-cloud-account-was-hacked-and-used-to-mine-cryptocurrency/articleshow/63003345.cms)
5. [10 worst Amazon S3 breaches](https://businessinsights.bitdefender.com/worst-amazon-breaches)
6. [Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3](https://www.darkreading.com/attacks-breaches/lion-air-the-latest-to-get-tripped-up-by-misconfigured-aws-s3-/d/d-id/1335864)
## Contributors ## Contributors
[Please refer the guidelines at contribute.md for details](Contribute.md). [Please refer the guidelines at contribute.md for details](Contribute.md).