This is the repository containing Leonidas, a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties. These definitions can then be compiled into: A web API exposing each test case as an individual endpoint Sigma rules (https://github.com/Neo23x0/sigma) for detection Documentation - see http://detectioninthe.cloud/ for an example. The API is deployed via an AWS-native CI/CD pipeline, and it is invoked via web requests secured by an API key. To build documentation or Sigma rules, you'll need to install the generator locally and can generate Sigma rules and documentation accordingly.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A framework to analyze container images and gather useful information.
Discover and understand the Docker Layer 2 ICC Bug and its implications on inter-container communication.
In-depth analysis and insights on various cloud security topics by Rhino Security Labs team
Multi-cloud OSINT tool for enumerating public resources in AWS, Azure, and Google Cloud.
Learn how to secure applications in Kubernetes Engine by granting varying levels of privilege based on requirements.
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
Kube-bench is a tool for checking Kubernetes security based on CIS Kubernetes Benchmark.
Automate actions on Security Command Center findings with automated disk snapshots, IAM grant revocation, and more.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.