DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation of repeatable detection samples in the cloud. Built on Google Workflows.
☆101 · Jan 12, 2024 · Updated 2 years ago
Alternatives and similar repositories for derf
Users that are interested in derf are comparing it to the libraries listed below
- Tool for obfuscating and deobfuscating data. ☆76 · Mar 20, 2024 · Updated last year
- ☆65 · May 21, 2024 · Updated last year
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l… ☆173 · Mar 2, 2026 · Updated last week
- CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments. ☆292 · Sep 4, 2024 · Updated last year
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules. ☆339 · Updated this week
- Whois for the Cloud: Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean. ☆183 · Oct 9, 2025 · Updated 5 months ago
- ☆169 · Sep 30, 2025 · Updated 5 months ago
- cloudgrep is grep for cloud storage ☆326 · Feb 26, 2025 · Updated last year
- A small security playground implementation of GHOSTS User Simulation framework with an Active Directory deployment and Elastic. ☆20 · Jul 17, 2024 · Updated last year
- Repository to archive GCP Documentation for local use ☆16 · Feb 11, 2025 · Updated last year
- Azure Activity Log Axe is a continually developing tool that simplifies the transactional log format provided by Microsoft. The tool leve… ☆35 · Sep 6, 2024 · Updated last year
- ☆229 · Feb 24, 2026 · Updated last week
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur… ☆174 · Feb 22, 2026 · Updated 2 weeks ago
- Convert cloudtrail data to MITRE ATT&CK Sightings ☆82 · Jul 25, 2022 · Updated 3 years ago
- Create your own vulnerable by design AWS penetration testing playground ☆437 · Feb 16, 2026 · Updated 3 weeks ago
- CloudGrappler is a purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known… ☆266 · Nov 21, 2025 · Updated 3 months ago
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1). ☆89 · Jan 28, 2024 · Updated 2 years ago
- An automated Adversary Emulation lab with terraform and MCP server. Build Caldera techniques and operations assisted with LLMs. Built f… ☆205 · Nov 23, 2025 · Updated 3 months ago
- ☆30 · Jan 13, 2026 · Updated last month
- Scan your account for the use of untrusted AMIs ☆32 · Updated this week
- ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The … ☆289 · Feb 5, 2024 · Updated 2 years ago
- Random scripts for azure stuff ☆14 · Oct 12, 2022 · Updated 3 years ago
- Privateer is a plugin-based framework for security & compliance evaluations. ☆18 · Mar 2, 2026 · Updated last week
- ☆14 · Jan 8, 2026 · Updated 2 months ago
- Harness the security superpowers of your cloud asset inventory ☆11 · Sep 22, 2024 · Updated last year
- Compares and analyzes GCP IAM roles. ☆78 · Mar 9, 2025 · Updated last year
- ## Auto-archived due to inactivity. ## Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Securit… ☆37 · Oct 17, 2024 · Updated last year
- Threat model for Amazon S3 - Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach ☆157 · Updated this week
- ☆117 · Feb 11, 2026 · Updated 3 weeks ago
- JXA situational awareness helper by simply reading specific files on a filesystem ☆82 · Feb 17, 2026 · Updated 2 weeks ago
- ☆124 · May 26, 2025 · Updated 9 months ago
- Unauthenticated enumeration of AWS, Azure, and GCP Principals ☆283 · Nov 27, 2025 · Updated 3 months ago
- Python library to carry out DFIR analysis on the Cloud ☆500 · Mar 2, 2026 · Updated last week
- Crowdsourced list of sensitive IAM Actions ☆159 · Oct 29, 2024 · Updated last year
- BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating them with diverse en… ☆488 · Mar 2, 2026 · Updated last week
- ☆46 · Nov 7, 2024 · Updated last year
- An AWS IAM policy statement parser and query tool. ☆198 · Feb 10, 2026 · Updated 3 weeks ago
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par… ☆254 · Nov 18, 2024 · Updated last year
- Playing around with Stratus Red Team (Cloud Attack simulation tool) and SumoLogic ☆308 · Jan 6, 2023 · Updated 3 years ago