In-depth analysis and insights on various cloud security topics by the Rhino Security Labs team
This is the repository containing Leonidas, a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties. These definitions can then be compiled into: a web API exposing each test case as an individual endpoint; Sigma rules (https://github.com/Neo23x0/sigma) for detection; and documentation (see http://detectioninthe.cloud/ for an example). The API is deployed via an AWS-native CI/CD pipeline, and it is invoked via web requests secured by an API key. To build documentation or Sigma rules, you'll need to install the generator locally.
Learn how to secure applications in Kubernetes Engine by granting varying levels of privilege based on requirements.
A project that sets up partitioned Athena tables for CloudTrail logs and updates partitions nightly.
Cloud security project focusing on discovering and protecting privileged entities in AWS and Azure environments.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
Open-source cloud-agnostic resource manager for analyzing and managing cloud cost, usage, security, and governance.