Phoenix, AZ

Jason Ostrom

Elite
@iknowjason

Curious to learn. Husband and father. Author and SANS Certified Instructor. Automation for InfoSec.

Awesome-CloudSec-Labs. Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.

2.1k

PurpleCloud. A little tool to play with Azure Identity - Azure and Entra ID lab creation tool. Blog: https://medium.com/@iknowjason/sentinel-for-purple-teaming-183b7df7a2f4

644

AutomatedEmulation. An automated Adversary Emulation lab with terraform and MCP server. Build Caldera techniques and operations assisted with LLMs. Built for IaC stability, consistency, and speed.

212

edge. Whois for the Cloud: Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.

185

BlueCloud. Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

148

AriaCloud. A Docker container for remote penetration testing.

141

voiphopper. VoIP Hopper Network Penetration Testing Tool - Jumping from one VLAN to the next! A network infrastructure penetration testing security tool. A tool to test for the (in)security of VLANS. It can mimic the behavior of IP Phones to better understand business risks within an IP Telephony network infrastructure. VoIP Hopper is included in Kali Linux. This site is for up-to-date code. Documentation website:

82

CMLab. Configuration Management (CM) Security Playground. A small enterprise security lab to practice automation + CM tooling like Ansible, Chef, Puppet, SaltStack, DSCv2, DSCv3.

23

Velociraptor_Azure. A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.

22

llm-security-scanner. LLM-Powered Code Security Scanning

22

hammer. An example of a mis-configured Rails application release under MIT license.

21

GHOSTSPlayground. A small security playground implementation of GHOSTS User Simulation framework with an Active Directory deployment and Elastic.

20

masscan_nmap. Automating masscan and nmap together.

11

azrecon. Az Enum & Recon Cheat Sheet

10

MacLab. Multi-use Terraform template to quickly spin up a Mac Lab in AWS!

9

Velociraptorbbc. A velociraptor with Timesketch automation lab for DFIR acquisition, triage, analysis.

5

HELK_Azure. A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small HELK R&D lab in Azure.

5

gpu-ai-playground. An AI Playground for self-hosted LLM + GPU and several tools with terraform IaC automation. Hosted in AWS, a Private LLM inference and model hosting research playground

5

LLMPlayground. Terraform AWS to setup Ollama and Open WebUI

5

nmap_nse. Some nmap NSE scripts for testing web applications for sensitive credentials and API keys that can sometimes be inadvertently exposed through environment variables or other mis-configurations.

4

conferences. Community contributions to SANS, DEFCON, ShmooCon, and ToorCon.

4

BlueTools.

4

Spray365. Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.

3

AzSentinelQueries. Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.

2

for608-dev. Shell

2

orbit. Orbit Scanning Software

2

caldera_tines. Samples for Caldera and Tines automation playbooks

2

sagemaker-ai-playground. Private LLM inference endpoint and model hosting using Sagemaker AI. Cyber Security research testing using Cisco's foundation-sec-8b-instruct. Loads a Jupyter Notebook with security examples.

2

tracecat. The open source Tines / Splunk SOAR alternative.

2

HELK. The Hunting ELK

2

Nebula. Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps Components.

2

matano. Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

2

opencti. Open Cyber Threat Intelligence Platform

2

sec598-resources. Python

2

spb. Shortest Path Bridging (SPB-Mac) vulnerability testing scripts. Used in a network pentest to enumerate a new vuln (CVE-2016-2783) in Avaya VOSS Ethernet switches.

2

SlingshotCE. Ruby

2

nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.

2

sniffm. VoIP Sniffer for MGCP protocol

2

mitre_groups. MITRE ATT&CK threat actor groups imported as markdown and showing TTPs used.

2

ccat. Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

1

enterprise-azure-policy-as-code. Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline)

1

cisco-foundation-notebooks. Jupyter Notebook

1

BadBlood. BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.

1

jupyterGPULab. AWS Sagemaker Jupyter Notebooks dev environment with GPU. Build with Terraform.

1

Invoke-Mimidogz. Simple AV testing

1

payloads. Caldera Operations Payloads

1
46
Apply