Releases: RhinoSecurityLabs/cloudgoat
Releases · RhinoSecurityLabs/cloudgoat
Release v2.5.0
What's Changed
- Fixed readme formatting for author by @TeneBrae93 in #412
- Scenario | iam_enum_basics by @TeneBrae93 in #413
- Add dependabot.yml set to ignore scenario dependencies by @nobodynate in #415
- Bump flake8 from 7.1.2 to 7.3.0 by @dependabot[bot] in #416
- Bump requests from 2.32.4 to 2.32.5 by @dependabot[bot] in #417
- Bump argcomplete from 3.6.0 to 3.6.3 by @dependabot[bot] in #418
- Bump black from 25.1.0 to 25.11.0 by @dependabot[bot] in #419
- Bump boto3 from 1.37.15 to 1.42.72 by @dependabot[bot] in #420
- Release v2.5.0 by @github-actions[bot] in #422
Full Changelog: v2.4.0...v2.5.0
Contributors
dependabot, nobodynate, and TeneBrae93
Assets 2
Release v2.4.0
What's Changed
- Bump requests from 2.32.3 to 2.32.4 by @dependabot[bot] in #368
- Fixed destroy_all_scenarios whitelist bug by @morepoints in #380
- feat: update default instance type to t3.micro for AWS Free Tier compatibility by @Kyul-l in #400
- Add additional free tier instance type validations by @nobodynate in #401
- Replace hardcoded AMI with dynamic Ubuntu AMI lookup for cloud_breach_s3 by @nobodynate in #402
- Created ATTACK-MATRIX.md for beanstalk_secrets by @Singh-Gurparas in #373
- Scenario : s3_version_rollback_via_cfn by @jeonyubyeong in #374
- Scenario | agentcore_identity_confusion by @sonrai-nigelsood in #387
- Scenario | bedrock_agent_hijacking by @nobodynate in #403
- SNS_Secrets - Dynamic API Key by @TeneBrae93 in #389
- Scenario | Static by @TeneBrae93 in #390
- Scenario | data_secrets by @TeneBrae93 in #391
- Update cheat_sheet.md walkthrough by @nobodynate in #404
- Standardize terraform provider file and minimum Terraform version by @nobodynate in #405
- Add ecs_privesc_evade_protection scenario by @nobodynate in #406
- Fix Python versions in test workflow by @nobodynate in #407
- Fix: Move ecs_privesc_evade_protection to correct directory by @nobodynate in #408
- Remove deprecated Terraform 1.5 from CI testing by @nobodynate in #409
- Release v2.4.0 by @github-actions[bot] in #410
New Contributors
- @morepoints made their first contribution in #380
- @Kyul-l made their first contribution in #400
- @Singh-Gurparas made their first contribution in #373
- @jeonyubyeong made their first contribution in #374
- @sonrai-nigelsood made their first contribution in #387
Full Changelog: v2.3.1...v2.4.0
Contributors
dependabot, morepoints, and 6 other contributors
Assets 2
Release v2.3.1
What's Changed
- Contributing a new AWS scenario: federated_console_takeover by @Jimmy-Barrios in #367
- Bugfixes, refactor and rename by @andrew-aiken in #369
- Bugfix and Refactor RCE Web App by @andrew-aiken in #365
- Fix sns_secrets scenario by @TeneBrae93 in #372
- Release v2.3.1 by @github-actions[bot] in #382
Full Changelog: v2.3.0...v2.3.1
Contributors
andrew-aiken, TeneBrae93, and Jimmy-Barrios
Assets 2
Release v2.3.0
What's Changed
- Fixed beanstalk ec2 by @TeneBrae93 in #347
- Updated Beanstalk Secrets to dynamically grab the correct solution stack by @TeneBrae93 in #352
- Changed action trigger to pull_request by @nobodynate in #353
- changed docker validation action trigger to pull_request by @nobodynate in #356
- Update Name Regex in beanstalk_secrets terraform by @TeneBrae93 in #359
- Contributing a new AWS scenario: vpc_peering_overexposed by @Jimmy-Barrios in #361
- Release v2.3.0 by @github-actions in #364
New Contributors
- @Jimmy-Barrios made their first contribution in #361
Full Changelog: v2.2.1...v2.3.0
Contributors
nobodynate, TeneBrae93, and Jimmy-Barrios
Assets 2
Release v2.2.1
What's Changed
- Update README.md by @nobodynate in #342
- Update all the links on the main readme by @TeneBrae93 in #343
- Updated solution stack for Beanstalk by @TeneBrae93 in #345
- Release v2.2.1 by @github-actions in #346
Full Changelog: v2.2.0...v2.2.1
Contributors
nobodynate and TeneBrae93
Assets 2
Release v2.2.0
What's Changed
- Added Azure by @nobodynate in #327
- fix folders by @DaveYesland in #336
- fix_action_find_scenario_command by @DaveYesland in #337
- Fixed action. Only runs on new or modified scenararios by @nobodynate in #338
- need to checkout the PR by @nobodynate in #339
- Scenario/datafactory secrets by @DaveYesland in #335
- Release v2.2.0 by @github-actions in #340
Full Changelog: v2.1.0...v2.2.0
Contributors
DaveYesland and nobodynate
Assets 2
Release v2.1.0
What's Changed
- New Scenario: Beanstalk Secrets by @TeneBrae93 in #303
- Fix scenario location by @TeneBrae93 in #332
- Release v2.1.0 by @github-actions in #333
Full Changelog: v2.0.1...v2.1.0
Contributors
TeneBrae93
Assets 2
Release v2.0.1
What's Changed
- Merge to master by @SpenGietz in #1
- Spencer merge by @SpenGietz in #2
- Changed policies around by @SpenGietz in #3
- Random ec2 password + policy name fix by @SpenGietz in #4
- many changes. Fully integrated Glue, changed lambda functions around,… by @SpenGietz in #5
- added codebuild and added status message for Glue by @SpenGietz in #6
- Remove glue by @SpenGietz in #7
- updated readme by @SpenGietz in #8
- Python3 support by @SpenGietz in #11
- fixed random string generation to support Mac by @SpenGietz in #12
- EC2 instance profile policy fix by @SpenGietz in #16
- Bob update by @SpenGietz in #17
- Fixed the glue development endpoint to include the CloudGoat SSH key … by @SpenGietz in #18
- Removed #cloud-boothook to execute UserData on instance start by @LukaszMrozowski in #21
- Update cheat_sheet.md by @mtulio in #33
- Feature/add docker by @jack-ganbold in #35
- Add a warning for AWS creds mount by @jack-ganbold in #36
- Add README badges and cute ☁️🐐 emoji by @jack-ganbold in #37
- Updating tags RE: Request #34 by @yogisec in #38
- Update ec2.tf in rce_web_app by @sebastian-mora in #60
- Update cheat_sheet_mcduck.md by @sebastian-mora in #59
- Update ec2.tf by @sebastian-mora in #56
- Update cheat_sheet_raynor.md by @AumSecResearch in #51
- Update cheat_sheet_kerrigan.md by @sebastian-mora in #45
- Added cgid in resources for ec2_ssrf by @hamstah in #44
- Use cgid in resource names for iam_privesc_by_rollback by @hamstah in #43
- Scenario/lambda_privesc by @sgn00 in #64
- Scenario Ecs_efs attack by @sebastian-mora in #77
- Bump pyyaml from 5.1.1 to 5.4 in /core/python by @dependabot in #82
- Typo fix in ecs_efs_attack cheatsheet command to list the privileges by @pankajmouriya in #81
- Fix missing scenario page. by @naikordian in #78
- Update README.md by @sn0x736e in #73
- Update cheat_sheet_chris.md by @sidejackthenativity in #76
- Docker improvements by @hamstah in #42
- Update author's name in lambda_privesc scenario by @sgn00 in #70
- Update cheat_sheet_kerrigan.md by @gchib297 in #67
- Support terraform v0.14+ by @RyanJarv in #84
- Fixed version check for terraform destroy command. by @j0eblow in #93
- Correction to Lara cheat sheet by @j0eblow in #95
- Fix for spelling and grammar issues in README.md by @j0eblow in #94
- New Scenario: ECS_Takover by @sebastian-mora in #91
- Help fixes + change create to always runs apply by @RyanJarv in #97
- Ensure resource names (S3 bucket, RDS, load balancer) do not contain invalid characters (closes #98, #100) by @christophetd in #102
- Use requests to get the IP instead of shell to curl by @hamstah in #41
- Fix CGID naming for codebuild_secrets by @RyanJarv in #106
- Reduce IAM permissions used in ec2_ssrf by @RyanJarv in #104
- Fix broken IAM policy in ec2_ssrf scenario by @christophetd in #112
- First version of the CI/CD scenario by @christophetd in #116
- Update README for CI/CD scenario by @christophetd in #117
- Bump undefsafe from 2.0.2 to 2.0.5 in /scenarios/rce_web_app/assets/rce_app by @dependabot in #118
- Scenario/lambda sql injection by @RyanJarv in #111
- Bump ajv from 6.10.0 to 6.12.6 in /scenarios/rce_web_app/assets/rce_app by @dependabot in #121
- Bump tar from 4.4.8 to 4.4.19 in /scenarios/rce_web_app/assets/rce_app by @dependabot in #120
- Make requirements.txt more visible by @RyanJarv in #109
- Update README.md by @BaronSam3di in #132
- Set scripts executable by @bashtoni in #129
- Scenario/detection evasion by @RyanJarv in #142
- CICD Scenario: Remove tf lock file and loosen dependencies by @RyanJarv in #135
- Fix missing step in ecs_efs_attack cheat sheet. by @HLOverflow in #127
- Updated the lambda python version in two scenarios by @sethsec-bf in #150
- Force config whitelist --auto to use IPv4 by @RyanJarv in #110
- Updated Lambda runtime by @barnesrobert in #159
- Update vulnerable_lambda manifest.yaml file by @n3ddih in #164
- detection_evasion: fixed filter pattern for instance profile usage by @andrew-kline in #143
- Update rds.tf by @Artemis357 in #155
- Added a new scenario vulnerable_cognito by @usamaazad in #166
- Bump decode-uri-component from 0.2.0 to 0.2.2 in /scenarios/rce_web_app/assets/rce_app by @dependabot in #161
- Bump json5 and rc-config-loader in /scenarios/rce_web_app/assets/rce_app by @dependabot in #162
- Add Tests via GitHub actions by @jdearmas in #178
- Update README.md by @usamaazad in #177
- Updated main README to add scenario description by @usamaazad in #176
- Fix Typo in README.md by @galoget in #194
- Update s3.tf by @j0eblow in #193
- Update ec2.tf by @j0eblow in #192
- Update cheat_sheet.md by @lazzslayer in #204
- Update Vulnerable Cognito by @andrew-aiken in #213
- Scenario | IAM Privesc by Key Rotation by @andrew-aiken in #221
- Fix Detection Evasion Scenario by @andrew-aiken in #218
- fixing typo by @gauravphoenix in #225
- Bugfix CodeBuild Secrets by @andrew-aiken in #217
- Fixing Issues with ECR Removal & SSM Connectivity by @andrew-aiken in #215
- Refactor | RCE Web App by @andrew-aiken in #216
- Fix Typo in README.md by @Hosim33 in #237
- Refactor/cloud breach s3 by @andrew-aiken in #214
- Enhancement | ECS EFS Attack Scenario by @andrew-aiken in #220
- ECS Takeover | x86_64 AMI by @andrew-aiken in #219
- Format vulnerable lambda by @andrew-aiken in #229
- Update example scenario by @andrew-aiken in #226
- Flagshop and rds snapshot add summary by @West-wise in https://github....
Contributors
christophetd, hamstah, and 40 other contributors