ThreatResponse's repositories
margaritashotgun
Remote Memory Acquisition Tool
ThreatPrep
Python module for evaluation of AWS account best practices around incident handling readiness.
python-lambda-inspector
A profiler for the lambda sandbox.
defense-against-the-dark-arts
Defense against the dark arts blog series code.
ssm-acquire
A Python module for orchestrating content acquisitions and analysis via Amazon SSM.
aws_ir_plugins
Core incident handling plugins for aws_ir cli, incident pony, and more.
auth0-rules
Reference rules for integration with Auth0.
threatresponse.cloud
middleman generated site
federated_access_proxy
BeyondCorp-style federated access proxy
serverless-vulnerable-azure
A vulnerable app for Azure functions
bad-repo
Demonstration repository.
lime-compiler
WIP compiler for lime kernel modules
poor-webhook
An example of a vulnerable Slack bot that runs in AWS Lambda.
serverless-observatory
A zappa project for scoring output of threatresponse serverless profilers.
node-lambda-inspector
A profiler for the lambda sandbox.
ansible-edda
Edda ansible playbooks for ThreatResponse supported AMI.
packer-gold
Packer file and lite touch ansible playbook to set up an ansible-container host.
csharp-lambda-inspector
A profiler for the lambda sandbox.
aws_ir-api
A chalice API gateway wrapper around aws_ir. **Highly experimental**
packer-limecompiler
Packer file to build the lime-compiler AMI
cloudtrailbeat
AWS CloudTrail in ElasticSearch
docker-elk
The ELK stack powered by Docker and Compose.
packer-threatresponse_workstation
Packer build of the ThreatResponse AMI