Red-Baron - Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.

  •        34

Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams. Both of these resources were referenced heavily while building this.

https://github.com/Coalfire-Research/Red-Baron

Tags
Implementation
License
Platform

   




Related Projects

DumpsterFire - "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events

  •    Python

The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn paper tabletop exercises into controlled "live fire" range events. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts. The toolset is designed to be dynamically extensible, allowing you to create your own Fires (event modules) to add to the included collection of toolset Fires. Just write your own Fire module and drop it into the FireModules directory. The DumpsterFire toolset will auto-detect your custom Fires at startup and make them available for use.

awesome-terraform - Curated list of resources on HashiCorp's Terraform

  •    

Terraform enables you to safely and predictably create, change, and improve production infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned. For more Community Modules not listed here please see the Terraform Module Registry.

RTA - Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets

  •    Python

Red Team Arsenal is a web/network security scanner which has the capability to scan all company's online facing assets and provide an holistic security view of any security anomalies. It's a closely linked collections of security engines to conduct/simulate attacks and monitor public facing assets for anomalies and leaks. It's an intelligent scanner detecting security anomalies in all layer 7 assets and gives a detailed report with integration support with nessus. As companies continue to expand their footprint on INTERNET via various acquisitions and geographical expansions, human driven security engineering is not scalable, hence, companies need feedback driven automated systems to stay put.

tack - Terraform module for creating Kubernetes cluster running on Container Linux by CoreOS in an AWS VPC

  •    HCL

Opinionated Terraform module for creating a Highly Available Kubernetes cluster running on Container Linux by CoreOS (any channel) in an AWS Virtual Private Cloud VPC. With prerequisites installed make all will simply spin up a default cluster; and, since it is based on Terraform, customization is much easier than CloudFormation.The default configuration includes Kubernetes add-ons: DNS, Dashboard and UI.

terraformer - CLI tool to generate terraform files from existing infrastructure (reverse Terraform)

  •    Go

CLI tool to generate tf and tfstate files from existing infrastructure (reverse Terraform). Terraformer use terraform providers and built for easy to add new supported resources. For upgrade resources with new fields you need upgrade only terraform providers.


moistpetal - Open source offensive security platform for red team, by red team.

  •    Go

Moistpetal is a modular malware framework for modern red teams. It is under active community development for red team, by red team.

terraboard - :earth_africa: :clipboard: A web dashboard to inspect Terraform States

  •    Go

It currently only supports S3 as a remote state backend, and dynamoDB for retrieving lock informations. The overview presents all the state files in the S3 bucket, by most recent modification date.

MEAnalyzer - Intel Engine Firmware Analysis Tool

  •    Python

ME Analyzer is a tool which parses Intel Engine & PMC firmware images from the (Converged Security) Management Engine, (Converged Security) Trusted Execution Engine, (Converged Security) Server Platform Services & Power Management Controller families. It can be used by end-users who are looking for all relevant firmware information such as Family, Version, Release, Type, Date, SKU, Platform etc. It is capable of detecting new/unknown firmware, checking firmware health, Updated/Outdated status and many more. ME Analyzer is also a powerful Engine firmware research analysis tool with multiple structures which allow, among others, full parsing and unpacking of Converged Security Engine (CSE) code & file system, Flash Partition Table (FPT), Boot Partition Descriptor Table (BPDT/IFWI), CSE Layout Table (LT), advanced Size detection etc. Moreover, with the help of its extensive database, ME Analyzer is capable of uniquely categorizing all supported Engine firmware as well as check for any firmware which have not been stored at the Intel Engine Firmware Repositories yet. ME Analyzer allows end-users and/or researchers to quickly analyze and/or report new firmware versions without the use of special Intel tools (FIT/FITC, FWUpdate) or Hex Editors. To do that effectively, a database had to be built. The Intel Engine Firmware Repositories is a collection of every (CS)ME, (CS)TXE & (CS)SPS firmware we have found. Its existence is very important for ME Analyzer as it allows us to continue doing research, find new types of firmware, compare same major version releases for similarities, check for updated firmware etc. Bundled with ME Analyzer is a file called MEA.dat which is required for the program to run. It includes entries for all Engine firmware that are available to us. This accommodates primarily three actions: a) Detect each firmware's Family via unique identifier keys, b) Check whether the imported firmware is up to date and c) Help find new Engine firmware sooner by reporting them at the Intel Management Engine: Drivers, Firmware & System Tools or Intel Trusted Execution Engine: Drivers, Firmware & System Tools threads respectively.

infrastructure-as-code-talk - Sample code for the talk "Infrastructure-as-code: running microservices on AWS with Docker, ECS, and Terraform"

  •    HCL

Note: This repo is for demonstration purposes only and should NOT be used to run anything important. For production-ready version of this code and many other types of infrastructure, check out Gruntwork. The docker-compose.yml file mounts rails-frontend and sinatra-backend folders as volumes in each Docker image, so any changes you make to the apps on your host OS will automatically be reflected in the running Docker container. This lets you do iterative "make-a-change-and-refresh" style development.

terraform-provider-oci - Terraform Oracle Cloud Infrastructure provider

  •    Go

The OCI Terraform Provider is now available for automatic download through the Terraform Provider Registry. For more information on how to get started view the documentation and setup guide. Note: You may use any version 1.8 or above to build the provider. However, the goimports, go vet, and gofmt code checks will only pass when using version 1.11.

rattlesnakeos-stack - Build your own privacy and security focused Android OS in the cloud on a continuous basis with OTA updates

  •    Go

RattlesnakeOS is a privacy and security focused Android OS for Google Pixel phones. RattlesnakeOS was created initially as an alternative to CopperheadOS, a security hardened Android OS created by Daniel Micay, after it stopped being properly maintained back in June 2018. To be clear, this project is not attempting to add or recreate any of the security hardening features that were present in CopperheadOS. Instead, it is looking to fill a gap now that CopperheadOS is no longer available in its previous form, as there are no real alternatives that provide the same level of privacy and security.

Terraform - Tool for building, changing, and versioning infrastructure safely and efficiently

  •    Go

Terraform provides a common configuration to launch infrastructure — from physical and virtual servers to email and DNS providers. Once launched, Terraform safely and efficiently changes infrastructure as the configuration is evolved. Simple file based configuration gives you a single view of your entire infrastructure.

terratest - Terratest is a Go library that makes it easier to write automated tests for your infrastructure code

  •    Go

Terratest was developed at Gruntwork to help maintain the Infrastructure as Code Library, which contains over 250,000 lines of code written in Terraform, Go, Python, and Bash, and is used in production by hundreds of companies. See Open sourcing Terratest: a swiss army knife for testing infrastructure code for more info. Prerequisite: install Go.

dagda - a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

  •    Python

Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities. In order to fulfill its mission, first the known vulnerabilities as CVEs (Common Vulnerabilities and Exposures), BIDs (Bugtraq IDs), RHSAs (Red Hat Security Advisories) and RHBAs (Red Hat Bug Advisories), and the known exploits from Offensive Security database are imported into a MongoDB to facilitate the search of these vulnerabilities and exploits when your analysis are in progress.

infrastructure-as-code-tutorial - Infrastructure As Code Tutorial

  •    

This tutorial is intended to show what the Infrastructure as Code (IaC) is, why we need it, and how it can help you manage your infrastructure more efficiently. It is practice-based, meaning I don't give much theory on what Infrastructure as Code is in the beginning of the tutorial, but instead let you feel it through the practice first. At the end of the tutorial, I summarize some of the key points about Infrastructure as Code based on what you learn through the labs.

h4cker - This repository is primarily maintained by Omar Santos and includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more

  •    Java

This repository includes thousands of cybersecurity-related references and resources and it is maintained by Omar Santos. This GitHub repository has been created to provide supplemental material to several books, video courses, and live training created by Omar Santos and other co-authors. It provides over 6,000 references, scripts, tools, code, and other resources that help offensive and defensive security professionals learn and develop new skills. This GitHub repository provides guidance on how build your own hacking environment, learn about offensive security (ethical hacking) techniques, vulnerability research, exploit development, reverse engineering, malware analysis, threat intelligence, threat hunting, digital forensics and incident response (DFIR), includes examples of real-life penetration testing reports, and more. These courses serve as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+ and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.

scap-security-guide - Baseline compliance content in SCAP formats

  •    Python

The purpose of this project is to create security policy content for various platforms -- Red Hat Enterprise Linux, Fedora, Ubuntu, Debian, and others. Our aim is to make it as easy as possible to write new and maintain existing security content in all the commonly used formats. "SCAP content" refers to documents in the XCCDF, OVAL and Source DataStream formats. These documents can be presented in different forms and by different organizations to meet their security automation and technical implementation needs. For general use we recommend Source DataStreams because they contain all the data you need to evaluate and put machines into compliance. The datastreams are part of our release ZIP archives.

puma-scan - Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code

  •    CSharp

Puma Scan is a .NET software secure code analysis tool providing real time, continuous source code analysis as development teams write code. In Visual Studio, vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications. Puma Scan also integrates into the build to provide security analysis at compile time. The Puma Scan Community Edition is licensed under the Mozilla Public License (MPL) version 2.0.

terraform-provisioner-ansible - A provisioner for bootstrapping terraform resources with ansible

  •    Go

Terraform is a tool for automating infrastructure. Terraform includes the ability to provision resources at creation time through a plugin api. Currently, some builtin provisioners such as chef and standard scripts are provided; this provisioner introduces the ability to provision an instance at creation time with ansible. This provisioner provides the ability to apply host-groups, plays or roles against a host at provision time. Ansible is run on the host itself and this provisioner configures a dynamic inventory on the fly as resources are created.

Cloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection

  •    Python

CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Very simple tools, powerful concept, limited only by your imagination. For a quick start on CloakifyFactory, see the cleverly titled file "README_GETTING_STARTED.txt" in the project for a walkthrough.