SAP / cloud-active-defense
Add a layer of active defense to your cloud applications.
☆77 Updated this week
Related projects:
- Released at Black Hat Asia on April 18, 2024, Cloud Console Cartographer is a framework for condensing groupings of cloud events (e.g. Cl… ☆147 Updated 4 months ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o… ☆82 Updated 8 months ago
- ☆60 Updated 6 months ago
- Anvilogic Forge ☆80 Updated this week
- Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK… ☆159 Updated last month
- An AI-powered tool for discovering privilege escalation opportunities in AWS IAM configurations. ☆93 Updated 2 months ago
- Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management. ☆29 Updated 5 months ago
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix ☆55 Updated last year
- A library of Incident Response notebooks using Jupyter. We will show how you can leverage pre-defined notebook files to guide your incide… ☆140 Updated 10 months ago
- ☆234 Updated 3 months ago
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) ☆107 Updated 2 weeks ago
- Automation tool for Windows Deception Host Burn-In ☆71 Updated 2 months ago
- A full insecure kubernetes application for testing security tools ☆41 Updated last week
- Tool for obfuscating and deobfuscating data. ☆60 Updated 5 months ago
- Roota is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with … ☆112 Updated 2 months ago
- Generate datasets of cloud audit logs for common attacks ☆158 Updated last month
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis… ☆145 Updated this week
- OCSF Documentation ☆114 Updated this week
- Cloud Commotion intends to cause chaos to simulate security incidents ☆122 Updated 3 months ago
- HASH (HTTP Agnostic Software Honeypot) ☆128 Updated 4 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆37 Updated 11 months ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows ☆76 Updated this week
- Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC. ☆48 Updated 2 weeks ago
- IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on. ☆91 Updated 9 months ago
- PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use… ☆65 Updated last year
- This is a collection of threat detection rules / rules engines that I have come across. ☆270 Updated 4 months ago
- When good OAuth apps go rogue. Documents observed OAuth application tradecraft ☆34 Updated 2 weeks ago
- Independently deploy customized honeyservices in AWS to trigger alerts on unauthorized access. It utilizes a dedicated CloudTrail for pre… ☆42 Updated 4 months ago
- ☆37 Updated 3 weeks ago
- A cheatsheet containing AWS CloudTrail events that can be used for Incident Response purposes or Detection Engineering. ☆58 Updated 4 months ago