Automation

A distributed AWS security auditing tool that continuously enumerates and scans internet-facing AWS services to identify potentially misconfigured resources.

A Security Orchestration, Automation and Response (SOAR) platform for incident response and threat hunting.

FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.

A GitHub action that lints AWS IAM policy documents to identify security issues and misconfigurations with configurable severity levels and custom rules.

SOARCA is an open-source SOAR platform that automates security incident response workflows using standardized CACAOv2 playbooks and multiple integration interfaces.

FeatherDuster is a cryptanalysis tool that automatically identifies and exploits weaknesses in cryptographic systems by analyzing ciphertext files.

An automated AWS security compliance remediation system that uses Lambda functions and SQS queues to automatically fix security violations detected by AWS Config.

BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.

AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.

NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.

A collection of automation scripts that quickly enable essential AWS security and compliance features that are not activated by default in AWS accounts.

A content repository for Cortex XSOAR that provides playbooks, automation scripts, and templates for security operations automation and orchestration.

A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.

A tool that combines multiple open source Git scanning utilities to detect and list secrets stored in Git repositories for security audits and compliance checks.

An automated script that configures Active Directory domains using customizable XML configuration files.

Chamber is a command-line tool for managing secrets by storing them in AWS SSM Parameter Store with path-based API support for improved performance.

MITRE Caldera™ is an automated adversary emulation platform built on the MITRE ATT&CK framework that supports red team operations and incident response activities through a modular C2 server and plugin architecture.

Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.

AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.

A cloud-native, event-driven data pipeline toolkit for security teams that processes and routes data across AWS services with custom formatting and API enrichment capabilities.

DataCop is an AWS framework that automatically blocks S3 buckets containing PII or classified information based on AWS Macie findings and configurable security policies.

Metabadger automates the upgrade of AWS EC2 instances to use the more secure Instance Metadata Service v2 (IMDSv2) to prevent SSRF attacks and reduce attack surface.

An Ansible role that automates the deployment and management of Bifrozt honeypots for network security monitoring.

Cloudmarker is a configurable cloud monitoring tool and framework that audits Azure and GCP environments by retrieving, analyzing, and alerting on cloud security data.