This is your work, valued
Curious to learn. Husband and father. Author and SANS Certified Instructor. Automation for InfoSec.
Awesome-CloudSec-Labs. Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
2.1kPurpleCloud. A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4
644AutomatedEmulation. An automated Adversary Emulation lab with terraform and MCP server. Build Caldera techniques and operations assisted with LLMs. Built for IaC stability, consistency, and speed.
212edge. Whois for the Cloud: Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.
185BlueCloud. Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
148AriaCloud. A Docker container for remote penetration testing.
141voiphopper. VoIP Hopper Network Penetration Testing Tool - Jumping from one VLAN to the next! A network infrastructure penetration testing security tool. A tool to test for the (in)security of VLANS. It can mimic the behavior of IP Phones to better understand business risks within an IP Telephony network infrastructure. VoIP Hopper is included in Kali Linux. This site is for up-to-date code. Documentation website:
82CMLab. Configuration Management (CM) Security Playground. A small enterprise security lab to practice automation + CM tooling like Ansible, Chef, Puppet, SaltStack, DSCv2, DSCv3.
23Velociraptor_Azure. A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.
22llm-security-scanner. LLM-Powered Code Security Scanning
22hammer. An example of a mis-configured Rails application release under MIT license.
21GHOSTSPlayground. A small security playground implementation of GHOSTS User Simulation framework with an Active Directory deployment and Elastic.
20masscan_nmap. Automating masscan and nmap together.
11azrecon. Az Enum & Recon Cheat Sheet
10MacLab. Multi-use Terraform template to quickly spin up a Mac Lab in AWS!
9Velociraptorbbc. A velociraptor with Timesketch automation lab for DFIR acquisition, triage, analysis.
5HELK_Azure. A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small HELK R&D lab in Azure.
5gpu-ai-playground. An AI Playground for self-hosted LLM + GPU and several tools with terraform IaC automation. Hosted in AWS, a Private LLM inference and model hosting research playground
5LLMPlayground. Terraform AWS to setup Ollama and Open WebUI
5nmap_nse. Some nmap NSE scripts for testing web applications for sensitive credentials and API keys that can sometimes be inadvertently exposed through environment variables or other mis-configurations.
4conferences. Community contributions to SANS, DEFCON, ShmooCon, and ToorCon.
4BlueTools.
4Spray365. Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.
3AzSentinelQueries. Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
2for608-dev. Shell
2orbit. Orbit Scanning Software
2caldera_tines. Samples for Caldera and Tines automation playbooks
2sagemaker-ai-playground. Private LLM inference endpoint and model hosting using Sagemaker AI. Cyber Security research testing using Cisco's foundation-sec-8b-instruct. Loads a Jupyter Notebook with security examples.
2tracecat. The open source Tines / Splunk SOAR alternative.
2HELK. The Hunting ELK
2Nebula. Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Components.
2matano. Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
2opencti. Open Cyber Threat Intelligence Platform
2sec598-resources. Python
2spb. Shortest Path Bridging (SPB-Mac) vulnerability testing scripts. Used in a network pentest to enumerate a new vuln (CVE-2016-2783) in Avaya VOSS Ethernet switches.
2SlingshotCE. Ruby
2nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
2sniffm. VoIP Sniffer for MGCP protocol
2mitre_groups. MITRE ATT&CK threat actor groups imported as markdown and showing TTPs used.
2ccat. Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
1enterprise-azure-policy-as-code. Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline)
1cisco-foundation-notebooks. Jupyter Notebook
1BadBlood. BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
1jupyterGPULab. AWS Sagemaker Jupyter Notebooks dev environment with GPU. Build with Terraform.
1Invoke-Mimidogz. Simple AV testing
1payloads. Caldera Operations Payloads
1