Andrew Wurster's starred repositories
ocsf-schema
OCSF Schema
awesome-threat-detection
✨ A curated list of awesome threat detection and hunting resources 🕵️♂️
timesketch
Collaborative forensic timeline analysis
trufflehog
Find and verify secrets
aws-security-analytics-bootstrap
AWS Security Analytics Bootstrap enables customers to perform security investigations on AWS service logs by providing an Amazon Athena analysis environment that's quick to deploy, ready to use, and easy to maintain.
attack_data
A repository of curated datasets from various attacks
binaryalert
BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
streamalert
StreamAlert is a serverless, real-time data analysis framework that lets you ingest, analyze, and alert on data from any environment, using data sources and alerting logic you define.
policy_sentry
IAM Least Privilege Policy Generator
Tor-IP-Addresses
Hourly checked and updated list of IP Addresses of Tor and Tor Exit Nodes
lambda-action
GitHub Action for Deploying Lambda code to an existing function
terraform-aws-ses-lambda-forwarder
This is a terraform module that creates an email forwarder using a combination of AWS SES and Lambda running the aws-lambda-ses-forwarder NPM module.
my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
cloudquery
The open source high performance ELT framework powered by Apache Arrow
aws-inventory
Discover resources created in an AWS account.
cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
SecretScanner
Find secrets and passwords in container images and file systems
osx-security-awesome
A collection of OSX and iOS security resources
ioc-explorer
Explore Indicators of Compromise Automatically
detect-secrets
An enterprise friendly way of detecting and preventing secrets in code.
prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
cloud-forensics-utils
Python library to carry out DFIR analysis on the Cloud
peerd
peerd is an AWS VPC Peering Connection management tool. It creates full-meshes of VPCs from a yaml file, and manages the full lifecycle of creation, deletion and route table updates needed to make VPC peerings useful across accounts and regions. Contributions welcome.