ThreatResponse

aws_ir

Python installable command line utiltity for mitigation of host and key compromises.

margaritashotgun

Remote Memory Acquisition Tool

ThreatPrep

Python module for evaluation of AWS account best practices around incident handling readieness.

mad-king

Proof of Concept Zappa Based AWS Persistence and Attack Platform

aws_ir_plugins

Core incident handling plugins for aws_ir cli, incident pony, and more.

poor-webhook

An example of a vulnerable slack bot that runs in AWS lambda.

lime-compiler

WIP compiler for lime kernel modules

packer-threatresponse_workstation

Packer build of the ThreatResponse AMI

docker-elk

The ELK stack powered by Docker and Compose.

ssm-acquire

A python module for orchestrating content acquisitions and analysis via amazon ssm.

python-lambda-inspector

A profiler for the lambda sandbox.

serverless-observatory

A zappa project for scoring output of threatresponse serverless profilers.

defense-against-the-dark-arts

Defense against the dark arts blog series code.

serverless-vulnerable-azure

A vulnerable app for Azure functions

cloudtrailbeat

AWS CloudTrail in ElasticSearch

node-lambda-inspector

A profiler for the lambda sandbox.

threatresponse.cloud

middleman generated site

ansible-edda

Edda ansible playbooks for ThreatResponse supported AMI.

auth0-rules

Reference rules for integration for auth0.

aws_ir-api

A chalice API gateway wrapper around aws_ir. **Highly experimental**

derbycon-preso

federated_access_proxy

BeyondCorp-style federated access proxy

threatresponse-bsides

bad-repo

Demonstration repository.

csharp-lambda-inspector

A profiler for the lambda sandbox.

hovercraft-template

packer-gold

Packer file and lite touch ansible playbook to set up an ansible-container host.

serverless-showdown-api

margaritashotgun-bsides

packer-limecompiler

Packer file to build the lime-compiler AMI