Skip to content

Latest commit

 

History

History
90 lines (59 loc) · 9.58 KB

README.md

File metadata and controls

90 lines (59 loc) · 9.58 KB

Awesome Azure Security Awesome

A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.

Contribute

Contributions welcome! Read the contribution guidelines first.

Contents

Tools

Security Assessment Tools

  • Azucar: Security auditing tool for Azure environments. Windows only. stars
  • BloodHound: BloodHound uses graph theory to reveal hidden relationships and attack paths in an Active Directory environment that would otherwise be impossible to quickly identify. stars
  • ScoutSuite: Multi-Cloud Security auditing tool. stars
  • Steampipe: Instantly query your cloud, code, logs & more with SQL. Build on thousands of open-source benchmarks & dashboards for security & insights. stars
  • StormSpotter: Azure Red Team tool for graphing Azure and Azure Active Directory objects. stars

Offensive Tools

  • MicroBurst: a PowerShell Toolkit for Attacking Azure. stars
  • PowerZure: a PowerShell project created to perform reconnaissance and exploitation of Azure, AzureAD, and the associated resources. stars
  • ROADrecon: a tool for exploring information in Azure AD from both a Red Team and Blue Team perspective. stars

Infrastructure as Code Scanning Tools

  • Checkov: Terraform, Cloudformation and Kubernetes static analysis written in python. stars
  • Terraform Compliance for Azure: Steampipe module to check compliance of Terraform configurations to Azure security best practices. stars
  • tfsec: Provides static analysis of your terraform templates to spot potential security issues. stars

Other Tools

  • DumpsterDiver: Tool to search secrets in various filetypes like keys (e.g. AWS Access Key Azure Share Key or SSH keys) or passwords. stars

Threat Detection and Response

Audit Logging

  • Azure security logging and auditing: Azure provides a wide array of configurable security auditing and logging options to help you identify gaps in your security policies and mechanisms.

Native Alerting

Blog Posts

Offensive blog posts

Defensive blog posts

Training

Talks

Other key resources