An open API service providing repository metadata for many open source software ecosystems.

gitlab.com / gitlab-com / gl-security

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/red-team-tech-notes

As we come across interesting things that we want to share with the community we will document them here as a tech note.

Last synced at: over 2 years ago - Stars: 65 - Forks: 15

gitlab-com/gl-security/engineering-and-research/automation-team/example-service-python

Example SecAuto service in Python. ([Deployment Project](https://gitlab.com/gitlab-private/gl-security/engineering-and-research/automation-team/kubernetes/secauto/example-service-python))

Last synced at: about 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/security-policies

Moved to https://gitlab.com/gitlab-org/gl-security/security-policies/

Last synced at: about 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/webapp-screenshots

Last synced at: over 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/security-research/gitlab-learn-security-training-course

Last synced at: over 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/test-projects/eicar-test-project

A project that contains the EICAR test file as content. Can be used as a test for: https://gitlab.com/gitlab-org/gitlab-ce/issues/53560

Last synced at: over 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/bump-key

Offensive security tool for tampering with Node.js lockfiles and investigating outdated Node dependencies to determine targets for an adversarial simulation mimicking one form of supply chain attack.

Last synced at: over 2 years ago - Stars: 2 - Forks: 1

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/ci-gitrob-test-dummy

Last synced at: over 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/gdk-driveby-poc-public

This project contains the source code from the original GitLab GDK drive-by RCE disclosure.

Last synced at: over 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/security-research/gitleaks-endpoint-installer

Installer for Gitleaks on Mac/Linux endpoints

Last synced at: over 2 years ago - Stars: 6 - Forks: 0

gitlab-com/gl-security/terraform/terraform-modules

Last synced at: over 2 years ago - Stars: 0 - Forks: 3

gitlab-com/gl-security/engineering-and-research/gitlab-security-awards-program-security-policy-project

This project is automatically generated to manage security policies for the project.

Last synced at: over 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/appsec/tooling/appsec-command-line-utils

Last synced at: about 2 years ago - Stars: 3 - Forks: 0

gitlab-com/gl-security/security-operations/management

Last synced at: over 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/engineering-and-research/automation-team/phonebook-client-python

Phonebook API Client

Last synced at: about 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/gcloud-credential-stealer

Steals credentials from an installation of the gcloud CLI.

Last synced at: over 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/appsec/sast-custom-rules

Last synced at: almost 2 years ago - Stars: 2 - Forks: 0

gitlab-com/gl-security/security-research/gitlab-standalone-instance

This project is intended to track an ongoing effort to secure a GitLab standalone instance being installed in a hostile environment.

Last synced at: over 2 years ago - Stars: 5 - Forks: 0

gitlab-com/gl-security/security-research/package-hunter-demo

Demo project that shows how Package Hunter alerts on a malicious dependency.

Last synced at: over 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/security-operations/infrastructure-security-public/aws-account-management

Automation for managing AWS Organizations/Accounts

Last synced at: about 2 years ago - Stars: 1 - Forks: 1

gitlab-com/gl-security/communications-templates

Last synced at: over 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/public-gitlab-observation-management

Repo for the open-source version of GitLab's [Observation Management Program](https://about.gitlab.com/handbook/engineering/security/security-assurance/security-compliance/observation-management.html)

Last synced at: over 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/security-research/go-ssh-server-crash

Last synced at: over 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/test-projects/custom-deps

Test dependency scanning reports

Last synced at: over 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/security-research/threat-modeling-template

This project will house the template(s) used for threat modeling within GitLab.

Last synced at: over 2 years ago - Stars: 2 - Forks: 2

gitlab-com/gl-security/security-research/phone-application-research

Last synced at: about 2 years ago - Stars: 0 - Forks: 2

gitlab-com/gl-security/threatmanagement/redteam/red-team-security-policy-project

This project is automatically generated to manage security policies for the project.

Last synced at: over 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/ctf-at-home

The GitLab 2020 CTF to be run at home.

Last synced at: over 2 years ago - Stars: 25 - Forks: 8

gitlab-com/gl-security/security-research/package-hunter-runner-integration

Playground for https://gitlab.com/gitlab-com/gl-security/security-research/sec-research/-/issues/35

Last synced at: over 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/secrets-hunting-misc

A place to store miscellaneous tooling to support secrets hunting

Last synced at: over 2 years ago - Stars: 1 - Forks: 2

gitlab-com/gl-security/permissionwizard

Last synced at: over 2 years ago - Stars: 0 - Forks: 3

gitlab-com/gl-security/security-research/lockfile-tampering-examples

Examples of tampered lockfiles.

Last synced at: about 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/security-guidelines

Last synced at: over 2 years ago - Stars: 3 - Forks: 3

gitlab-com/gl-security/threatmanagement/vulnerability-management/vulnerability-management-public/vulnmapper

A tool for mapping vulnerabilities in various systems to infrastructure, projects and owners

Last synced at: over 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/disclosures

Last synced at: over 2 years ago - Stars: 1 - Forks: 3

gitlab-com/gl-security/engineering-and-research/automation-team/docker/check-version

Last synced at: about 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/soc-3-report

Project to house the publicly available SOC 3 report

Last synced at: about 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester

Finds an identifiable hash value for each version of GitLab vulnerable to a specific CVE by the related semantic version range (example: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json) for use in passive fingerprinting.

Last synced at: over 2 years ago - Stars: 1 - Forks: 2

gitlab-com/gl-security/soc-3-project

Project used to house the publicly available SOC 3 report

Last synced at: over 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/appsec/tooling/release-certification-tools

Tools that help with the AppSec release certification process

Last synced at: almost 2 years ago - Stars: 1 - Forks: 0

gitlab-com/gl-security/security-research/ratchet

Last synced at: over 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/simple-request

This is a very basic static website that performs a POST to your localhost address.

Last synced at: over 2 years ago - Stars: 0 - Forks: 2

gitlab-com/gl-security/public-gcf

A publicly-available repository of the open-source control framework that GitLab extended from the [Adobe Common Control Framework](https://blogs.adobe.com/security/2018/10/introducing-the-adobe-common-controls-framework-ccf-version-2-0.html).

Last synced at: over 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/engineering-and-research/automation-team/spam/spamcheck

Anti-spam Engine. (Code-only mirror: https://gitlab.com/gitlab-org/spamcheck) Deployment: https://gitlab.com/gitlab-private/gl-security/engineering-and-research/automation-team/kubernetes/spamcheck/spamcheck

Last synced at: about 2 years ago - Stars: 5 - Forks: 5

gitlab-com/gl-security/engineering-and-research/automation-team/scripts

Useful scripts for improving workflow on the Security Automation team.

Last synced at: about 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/engineering-and-research/automation-team/stackdriver-prometheus-sidecar

Stackdriver Prometheus Sidecar with [metric_label_filters](https://github.com/Stackdriver/stackdriver-prometheus-sidecar/pull/283) setting.

Last synced at: about 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/security-research/video-scanner/youtube-video-scanner

Scans public videos on GitLab Unfiltered for API keys and other secrets.

Last synced at: 28 days ago - Stars: 12 - Forks: 4

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/red-team-issue-templates

Issue templates useful for planning and executing Red Team operations.

Last synced at: almost 2 years ago - Stars: 3 - Forks: 0

gitlab-com/gl-security/security-operations/infrastructure-security-public/oidc-modules

Last synced at: almost 2 years ago - Stars: 2 - Forks: 0

gitlab-com/gl-security/appsec/hackerone-questions

A place where HackerOne researchers can get in touch with GitLab's AppSec team for meta questions ONLY.

Last synced at: almost 2 years ago - Stars: 1 - Forks: 0

gitlab-com/gl-security/engineering-and-research/automation-team/autohelp

Security Automation Helpers for Python

Last synced at: almost 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/security-operations/redteam/redteam-public/pocs/gcp_misc

Misc. tools related to attack operations in Google Cloud Platform

Last synced at: 4 days ago - Stars: 9 - Forks: 4

gitlab-com/gl-security/product-security/gib

Inventory builder - Also see https://gitlab.com/gitlab-com/gl-security/engineering-and-research/inventory-example

Last synced at: 5 months ago - Stars: 9 - Forks: 4

gitlab-com/gl-security/security-culture

This is the project started by the Security Culture Committee for sharing security-related information with each other and the world.

Last synced at: almost 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/appsec/cvss-calculator

Web application to calculate the CVSS score and bug bounty suggestion for vulnerabilities.

Last synced at: almost 2 years ago - Stars: 2 - Forks: 1

gitlab-com/gl-security/security-operations/infrastructure-security-public/tenable_gitlab

Last synced at: almost 2 years ago - Stars: 1 - Forks: 1

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/payload-listeners

Payload-listeners for use during red team operations.

Last synced at: over 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/security-operations/redteam/redteam-public/pocs/gcp_enum

A simple bash script to enumerate Google Cloud Platform environments.

Last synced at: 4 days ago - Stars: 18 - Forks: 7

gitlab-com/gl-security/engineering-and-research/automation-team/authomize

Authomize connectors for User Access Reviews. ([Deployment Project](https://gitlab.com/gitlab-private/gl-security/engineering-and-research/automation-team/kubernetes/secauto/authomize))

Last synced at: almost 2 years ago - Stars: 0 - Forks: 1

gitlab-com/gl-security/security-department-meta

Security Department project for tracking department wide initiatives. For non-Security department team members, open issues here to be triaged and assigned. Sub-department and teams should use their own issue tracker. Refer to the handbook for mo

Last synced at: almost 2 years ago - Stars: 18 - Forks: 3

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/token-hunter

Gather OSINT from GitLab groups and group members. Inspect GitLab assets like snippets, issues, and comments/discussions for sensitive information like GitLab Personal Access Tokens, AWS Auth Tokens, Google API Keys, and much more.

Last synced at: almost 2 years ago - Stars: 41 - Forks: 11

gitlab-com/gl-security/engineering-and-research/inventory-example

This is a public demo of how to build an inventory of GitLab projects using the GitLab Inventory Builder https://gitlab-com.gitlab.io/gl-security/engineering-and-research/inventory-example/

Last synced at: almost 2 years ago - Stars: 5 - Forks: 5

gitlab-com/gl-security/threatmanagement/vulnerability-management/vulnerability-management-public/go-sentinelone-client

A Go library for accessing the SentinelOne APIs

Last synced at: 11 months ago - Stars: 1 - Forks: 0

gitlab-com/gl-security/security-research/verify-kas-token

Last synced at: over 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/engineering-and-research/automation-team/docker/jupyter

Last synced at: about 2 years ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/tools/gitrob

This is a mirror of a forked repository. It adds several features to gitrob including GitLab support, commit content searching, in-memory repository cloning, and more.

Last synced at: 11 months ago - Stars: 15 - Forks: 10

gitlab-com/gl-security/threatmanagement/redteam/redteam-public/pocs/cfClearance

Go package to bypass Cloudflare DDoS protection with http.Client. Uses chromedp only for initial cookie acquisition. Current issue: https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cfClearance/-/issues/4

Last synced at: 11 months ago - Stars: 3 - Forks: 5

gitlab-com/gl-security/security-operations/redteam/redteam-public/pocs/gcp_k8s_enum

Enumerate services exposed via GKE

Last synced at: 10 days ago - Stars: 5 - Forks: 2

gitlab-com/gl-security/engineering-and-research/security-awards 📦

Last synced at: 11 months ago - Stars: 0 - Forks: 0

gitlab-com/gl-security/threatmanagement/vulnerability-management/vulnerability-management-public/go-tenable-client

A Go library for accessing the tenable.io APIs

Last synced at: 11 months ago - Stars: 1 - Forks: 1

gitlab-com/gl-security/security-operations/redteam/redteam-public/tools/gcp_firewall_enum

Parse gcloud output to enumerate compute instances with network ports exposed to the Internet. Generates targeted nmap and masscan scripts based on the results.

Last synced at: 4 days ago - Stars: 18 - Forks: 4

gitlab-com/gl-security/security-architecture/gitlab-architecture

Playground for GitLab architecture with Structurizr, before integrating into docs.gitlab.com

Last synced at: almost 2 years ago - Stars: 0 - Forks: 0