├── .github └── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── feature_request.md │ └── new-ttp.md ├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── aws-pipeline ├── codebuild.tf ├── codecommit.tf ├── codepipeline.tf ├── outputs.tf ├── provider.tf ├── s3.tf ├── ssh_config.tpl └── variables.tf ├── definitions ├── c2 │ └── .gitkeep ├── collection │ └── .gitkeep ├── credential_access │ ├── .gitkeep │ ├── access-secrets-api-server.yml │ ├── access-secrets-manager-secrets.yml │ ├── access-secrets-pod-filesystem.yml │ ├── app-creds-configmaps.yml │ └── app-creds-env.yml ├── defense_evasion │ ├── add-new-guardduty-ip-set.yml │ ├── cloudtrail-alter-encryption-configuration.yml │ ├── cloudtrail-change-destination-bucket.yml │ ├── cloudtrail-delete-trail.yml │ ├── cloudtrail-disable-global-event-logging.yml │ ├── cloudtrail-disable-log-file-validation.yml │ ├── cloudtrail-disable-multiregion-logging.yml │ ├── cloudtrail-disable-trail.yml │ ├── cloudtrail-remove-sns-topic.yml │ ├── config-delete-rule.yml │ ├── delete-kubernetes-events.yml │ ├── pod-name-similarity.yml │ └── update-guardduty-ip-set.yml ├── discovery │ ├── enumerate-cloudtrail.yml │ ├── enumerate-iam-getaccountauthorizationdetails.yml │ ├── enumerate-iam-groups.yml │ ├── enumerate-iam-users.yml │ ├── enumerate-nodes.yml │ ├── enumerate-pods.yml │ ├── enumerate-rbac-permissions.yml │ ├── enumerate-secrets-manager.yml │ ├── enumerate-vpc-flow-logs.yml │ ├── enumerate-waf-rules.yml │ ├── get-guardduty-detector.yml │ ├── get-identity.yml │ └── list-guardduty-detectors.yml ├── execution │ ├── create-pod.yml │ ├── exec-into-container.yml │ ├── modify-lambda-function-code.yml │ └── sidecar-injection.yml ├── exfiltration │ └── .gitkeep ├── impact │ ├── delete-deployment.yml │ ├── delete-iam-group.yml │ ├── delete-iam-policy.yml │ ├── delete-iam-role.yml │ ├── delete-iam-user.yml │ ├── delete-login-profile-for-iam-user.yml │ ├── delete-pod.yml │ ├── delete-secrets-manager-secret.yml │ └── delete-serviceaccount.yml ├── initial_access │ └── .gitkeep ├── lateral_movement │ └── .gitkeep ├── persistence │ ├── add-api-key-to-iam-user.yml │ ├── add-iam-user.yml │ ├── alter-assume-role-policy-document.yml │ ├── change-current-iam-user-password.yml │ ├── create-iam-group.yml │ ├── create-login-profile-for-iam-user.yml │ ├── create-secrets-manager-secret.yml │ ├── create-serviceaccount.yml │ └── update-login-profile-for-iam-user.yml └── privilege_escalation │ ├── add-iam-user-to-group.yml │ ├── add-policy-to-iam-group.yml │ ├── add-policy-to-iam-user.yml │ ├── add-policy-to-role.yml │ ├── add-role-to-new-ec2-instance.yml │ ├── attach-malicious-lambda-layer.yml │ ├── create-iam-policy-version.yml │ ├── create-iam-policy.yml │ ├── privileged-container.yml │ ├── set-default-iam-policy-version.yml │ ├── update-inline-policy-for-user.yml │ └── writeable-hostpath-mount.yml ├── docs ├── api-logging.md ├── architecture.png ├── deploying-leonidas.md ├── k8s-architecture-svc.png ├── k8s-architecture.png ├── using-leonidas.md ├── writing-api-executors.md └── writing-definitions.md ├── generator ├── __init__.py ├── config.yml ├── generator.py ├── lib │ ├── __init__.py │ ├── awsapigen.py │ ├── definitions.py │ ├── docgen.py │ ├── helpers.py │ ├── kubeapigen.py │ ├── leo_case_gen.py │ └── sigmaexport.py ├── poetry.lock ├── pyproject.toml ├── requirements.txt ├── templates │ ├── aws │ │ └── sigma.jinja2 │ ├── aws_python_execution_function.jinja2 │ ├── cloudwatch-event.jinja2 │ ├── iam-policy.jinja2 │ ├── kube-resources.jinja2 │ ├── kube_python_execution_function.jinja2 │ ├── kubernetes │ │ └── sigma.jinja2 │ ├── leo-cases.jinja2 │ ├── lucene-query.jinja2 │ ├── markdown-kubernetes.jinja2 │ ├── markdown.jinja2 │ ├── python_api_core.jinja2 │ └── serverless.jinja2 └── test │ ├── __init__.py │ ├── test_definition_ingestion.py │ └── test_defs │ ├── basic.yml │ └── notimplemented.yml ├── jupyter ├── Leonidas JupyterDemo.ipynb ├── img │ └── OF815.png ├── lib │ ├── __init__.py │ ├── kubeclientlib.py │ └── leoclientlib.py ├── poetry.lock ├── pyproject.toml └── threat-actors │ ├── OF815.ipynb │ └── demo-envs │ └── dharma.yml ├── leo ├── README.md ├── leo.py └── pyproject.toml ├── output ├── Dockerfile ├── docs │ └── index.md ├── leonidas │ ├── api │ │ ├── __init__.py │ │ ├── api_base.py │ │ └── utils.py │ └── pyproject.toml └── mkdocs.yml ├── runtime.txt ├── sigma-pipeline-kubernetes-to-elk.yml └── template-definition.yml /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/.github/ISSUE_TEMPLATE/bug_report.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/.github/ISSUE_TEMPLATE/feature_request.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/new-ttp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/.github/ISSUE_TEMPLATE/new-ttp.md -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/README.md -------------------------------------------------------------------------------- /aws-pipeline/codebuild.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/aws-pipeline/codebuild.tf -------------------------------------------------------------------------------- /aws-pipeline/codecommit.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/aws-pipeline/codecommit.tf -------------------------------------------------------------------------------- /aws-pipeline/codepipeline.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/aws-pipeline/codepipeline.tf -------------------------------------------------------------------------------- /aws-pipeline/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/aws-pipeline/outputs.tf -------------------------------------------------------------------------------- /aws-pipeline/provider.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/aws-pipeline/provider.tf -------------------------------------------------------------------------------- /aws-pipeline/s3.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/aws-pipeline/s3.tf -------------------------------------------------------------------------------- /aws-pipeline/ssh_config.tpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/aws-pipeline/ssh_config.tpl -------------------------------------------------------------------------------- /aws-pipeline/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/aws-pipeline/variables.tf -------------------------------------------------------------------------------- /definitions/c2/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /definitions/collection/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /definitions/credential_access/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /definitions/credential_access/access-secrets-api-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/credential_access/access-secrets-api-server.yml -------------------------------------------------------------------------------- /definitions/credential_access/access-secrets-manager-secrets.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/credential_access/access-secrets-manager-secrets.yml -------------------------------------------------------------------------------- /definitions/credential_access/access-secrets-pod-filesystem.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/credential_access/access-secrets-pod-filesystem.yml -------------------------------------------------------------------------------- /definitions/credential_access/app-creds-configmaps.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/credential_access/app-creds-configmaps.yml -------------------------------------------------------------------------------- /definitions/credential_access/app-creds-env.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/credential_access/app-creds-env.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/add-new-guardduty-ip-set.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/add-new-guardduty-ip-set.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/cloudtrail-alter-encryption-configuration.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/cloudtrail-alter-encryption-configuration.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/cloudtrail-change-destination-bucket.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/cloudtrail-change-destination-bucket.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/cloudtrail-delete-trail.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/cloudtrail-delete-trail.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/cloudtrail-disable-global-event-logging.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/cloudtrail-disable-global-event-logging.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/cloudtrail-disable-log-file-validation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/cloudtrail-disable-log-file-validation.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/cloudtrail-disable-multiregion-logging.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/cloudtrail-disable-multiregion-logging.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/cloudtrail-disable-trail.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/cloudtrail-disable-trail.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/cloudtrail-remove-sns-topic.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/cloudtrail-remove-sns-topic.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/config-delete-rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/config-delete-rule.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/delete-kubernetes-events.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/delete-kubernetes-events.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/pod-name-similarity.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/pod-name-similarity.yml -------------------------------------------------------------------------------- /definitions/defense_evasion/update-guardduty-ip-set.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/defense_evasion/update-guardduty-ip-set.yml -------------------------------------------------------------------------------- /definitions/discovery/enumerate-cloudtrail.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/enumerate-cloudtrail.yml -------------------------------------------------------------------------------- /definitions/discovery/enumerate-iam-getaccountauthorizationdetails.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/enumerate-iam-getaccountauthorizationdetails.yml -------------------------------------------------------------------------------- /definitions/discovery/enumerate-iam-groups.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/enumerate-iam-groups.yml -------------------------------------------------------------------------------- /definitions/discovery/enumerate-iam-users.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/enumerate-iam-users.yml -------------------------------------------------------------------------------- /definitions/discovery/enumerate-nodes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/enumerate-nodes.yml -------------------------------------------------------------------------------- /definitions/discovery/enumerate-pods.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/enumerate-pods.yml -------------------------------------------------------------------------------- /definitions/discovery/enumerate-rbac-permissions.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/enumerate-rbac-permissions.yml -------------------------------------------------------------------------------- /definitions/discovery/enumerate-secrets-manager.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/enumerate-secrets-manager.yml -------------------------------------------------------------------------------- /definitions/discovery/enumerate-vpc-flow-logs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/enumerate-vpc-flow-logs.yml -------------------------------------------------------------------------------- /definitions/discovery/enumerate-waf-rules.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/enumerate-waf-rules.yml -------------------------------------------------------------------------------- /definitions/discovery/get-guardduty-detector.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/get-guardduty-detector.yml -------------------------------------------------------------------------------- /definitions/discovery/get-identity.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/get-identity.yml -------------------------------------------------------------------------------- /definitions/discovery/list-guardduty-detectors.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/discovery/list-guardduty-detectors.yml -------------------------------------------------------------------------------- /definitions/execution/create-pod.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/execution/create-pod.yml -------------------------------------------------------------------------------- /definitions/execution/exec-into-container.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/execution/exec-into-container.yml -------------------------------------------------------------------------------- /definitions/execution/modify-lambda-function-code.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/execution/modify-lambda-function-code.yml -------------------------------------------------------------------------------- /definitions/execution/sidecar-injection.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/execution/sidecar-injection.yml -------------------------------------------------------------------------------- /definitions/exfiltration/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /definitions/impact/delete-deployment.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/impact/delete-deployment.yml -------------------------------------------------------------------------------- /definitions/impact/delete-iam-group.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/impact/delete-iam-group.yml -------------------------------------------------------------------------------- /definitions/impact/delete-iam-policy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/impact/delete-iam-policy.yml -------------------------------------------------------------------------------- /definitions/impact/delete-iam-role.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/impact/delete-iam-role.yml -------------------------------------------------------------------------------- /definitions/impact/delete-iam-user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/impact/delete-iam-user.yml -------------------------------------------------------------------------------- /definitions/impact/delete-login-profile-for-iam-user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/impact/delete-login-profile-for-iam-user.yml -------------------------------------------------------------------------------- /definitions/impact/delete-pod.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/impact/delete-pod.yml -------------------------------------------------------------------------------- /definitions/impact/delete-secrets-manager-secret.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/impact/delete-secrets-manager-secret.yml -------------------------------------------------------------------------------- /definitions/impact/delete-serviceaccount.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/impact/delete-serviceaccount.yml -------------------------------------------------------------------------------- /definitions/initial_access/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /definitions/lateral_movement/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /definitions/persistence/add-api-key-to-iam-user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/persistence/add-api-key-to-iam-user.yml -------------------------------------------------------------------------------- /definitions/persistence/add-iam-user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/persistence/add-iam-user.yml -------------------------------------------------------------------------------- /definitions/persistence/alter-assume-role-policy-document.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/persistence/alter-assume-role-policy-document.yml -------------------------------------------------------------------------------- /definitions/persistence/change-current-iam-user-password.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/persistence/change-current-iam-user-password.yml -------------------------------------------------------------------------------- /definitions/persistence/create-iam-group.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/persistence/create-iam-group.yml -------------------------------------------------------------------------------- /definitions/persistence/create-login-profile-for-iam-user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/persistence/create-login-profile-for-iam-user.yml -------------------------------------------------------------------------------- /definitions/persistence/create-secrets-manager-secret.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/persistence/create-secrets-manager-secret.yml -------------------------------------------------------------------------------- /definitions/persistence/create-serviceaccount.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/persistence/create-serviceaccount.yml -------------------------------------------------------------------------------- /definitions/persistence/update-login-profile-for-iam-user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/persistence/update-login-profile-for-iam-user.yml -------------------------------------------------------------------------------- /definitions/privilege_escalation/add-iam-user-to-group.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/privilege_escalation/add-iam-user-to-group.yml -------------------------------------------------------------------------------- /definitions/privilege_escalation/add-policy-to-iam-group.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/privilege_escalation/add-policy-to-iam-group.yml -------------------------------------------------------------------------------- /definitions/privilege_escalation/add-policy-to-iam-user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/privilege_escalation/add-policy-to-iam-user.yml -------------------------------------------------------------------------------- /definitions/privilege_escalation/add-policy-to-role.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/privilege_escalation/add-policy-to-role.yml -------------------------------------------------------------------------------- /definitions/privilege_escalation/add-role-to-new-ec2-instance.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/privilege_escalation/add-role-to-new-ec2-instance.yml -------------------------------------------------------------------------------- /definitions/privilege_escalation/attach-malicious-lambda-layer.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/privilege_escalation/attach-malicious-lambda-layer.yml -------------------------------------------------------------------------------- /definitions/privilege_escalation/create-iam-policy-version.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/privilege_escalation/create-iam-policy-version.yml -------------------------------------------------------------------------------- /definitions/privilege_escalation/create-iam-policy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/privilege_escalation/create-iam-policy.yml -------------------------------------------------------------------------------- /definitions/privilege_escalation/privileged-container.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/privilege_escalation/privileged-container.yml -------------------------------------------------------------------------------- /definitions/privilege_escalation/set-default-iam-policy-version.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/privilege_escalation/set-default-iam-policy-version.yml -------------------------------------------------------------------------------- /definitions/privilege_escalation/update-inline-policy-for-user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/privilege_escalation/update-inline-policy-for-user.yml -------------------------------------------------------------------------------- /definitions/privilege_escalation/writeable-hostpath-mount.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/definitions/privilege_escalation/writeable-hostpath-mount.yml -------------------------------------------------------------------------------- /docs/api-logging.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/docs/api-logging.md -------------------------------------------------------------------------------- /docs/architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/docs/architecture.png -------------------------------------------------------------------------------- /docs/deploying-leonidas.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/docs/deploying-leonidas.md -------------------------------------------------------------------------------- /docs/k8s-architecture-svc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/docs/k8s-architecture-svc.png -------------------------------------------------------------------------------- /docs/k8s-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/docs/k8s-architecture.png -------------------------------------------------------------------------------- /docs/using-leonidas.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/docs/using-leonidas.md -------------------------------------------------------------------------------- /docs/writing-api-executors.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/docs/writing-api-executors.md -------------------------------------------------------------------------------- /docs/writing-definitions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/docs/writing-definitions.md -------------------------------------------------------------------------------- /generator/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /generator/config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/config.yml -------------------------------------------------------------------------------- /generator/generator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/generator.py -------------------------------------------------------------------------------- /generator/lib/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /generator/lib/awsapigen.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/lib/awsapigen.py -------------------------------------------------------------------------------- /generator/lib/definitions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/lib/definitions.py -------------------------------------------------------------------------------- /generator/lib/docgen.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/lib/docgen.py -------------------------------------------------------------------------------- /generator/lib/helpers.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /generator/lib/kubeapigen.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/lib/kubeapigen.py -------------------------------------------------------------------------------- /generator/lib/leo_case_gen.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/lib/leo_case_gen.py -------------------------------------------------------------------------------- /generator/lib/sigmaexport.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/lib/sigmaexport.py -------------------------------------------------------------------------------- /generator/poetry.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/poetry.lock -------------------------------------------------------------------------------- /generator/pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/pyproject.toml -------------------------------------------------------------------------------- /generator/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/requirements.txt -------------------------------------------------------------------------------- /generator/templates/aws/sigma.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/aws/sigma.jinja2 -------------------------------------------------------------------------------- /generator/templates/aws_python_execution_function.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/aws_python_execution_function.jinja2 -------------------------------------------------------------------------------- /generator/templates/cloudwatch-event.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/cloudwatch-event.jinja2 -------------------------------------------------------------------------------- /generator/templates/iam-policy.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/iam-policy.jinja2 -------------------------------------------------------------------------------- /generator/templates/kube-resources.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/kube-resources.jinja2 -------------------------------------------------------------------------------- /generator/templates/kube_python_execution_function.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/kube_python_execution_function.jinja2 -------------------------------------------------------------------------------- /generator/templates/kubernetes/sigma.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/kubernetes/sigma.jinja2 -------------------------------------------------------------------------------- /generator/templates/leo-cases.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/leo-cases.jinja2 -------------------------------------------------------------------------------- /generator/templates/lucene-query.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/lucene-query.jinja2 -------------------------------------------------------------------------------- /generator/templates/markdown-kubernetes.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/markdown-kubernetes.jinja2 -------------------------------------------------------------------------------- /generator/templates/markdown.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/markdown.jinja2 -------------------------------------------------------------------------------- /generator/templates/python_api_core.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/python_api_core.jinja2 -------------------------------------------------------------------------------- /generator/templates/serverless.jinja2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/templates/serverless.jinja2 -------------------------------------------------------------------------------- /generator/test/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /generator/test/test_definition_ingestion.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/test/test_definition_ingestion.py -------------------------------------------------------------------------------- /generator/test/test_defs/basic.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/test/test_defs/basic.yml -------------------------------------------------------------------------------- /generator/test/test_defs/notimplemented.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/generator/test/test_defs/notimplemented.yml -------------------------------------------------------------------------------- /jupyter/Leonidas JupyterDemo.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/jupyter/Leonidas JupyterDemo.ipynb -------------------------------------------------------------------------------- /jupyter/img/OF815.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/jupyter/img/OF815.png -------------------------------------------------------------------------------- /jupyter/lib/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /jupyter/lib/kubeclientlib.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/jupyter/lib/kubeclientlib.py -------------------------------------------------------------------------------- /jupyter/lib/leoclientlib.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/jupyter/lib/leoclientlib.py -------------------------------------------------------------------------------- /jupyter/poetry.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/jupyter/poetry.lock -------------------------------------------------------------------------------- /jupyter/pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/jupyter/pyproject.toml -------------------------------------------------------------------------------- /jupyter/threat-actors/OF815.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/jupyter/threat-actors/OF815.ipynb -------------------------------------------------------------------------------- /jupyter/threat-actors/demo-envs/dharma.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/jupyter/threat-actors/demo-envs/dharma.yml -------------------------------------------------------------------------------- /leo/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/leo/README.md -------------------------------------------------------------------------------- /leo/leo.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/leo/leo.py -------------------------------------------------------------------------------- /leo/pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/leo/pyproject.toml -------------------------------------------------------------------------------- /output/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/output/Dockerfile -------------------------------------------------------------------------------- /output/docs/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/output/docs/index.md -------------------------------------------------------------------------------- /output/leonidas/api/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /output/leonidas/api/api_base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/output/leonidas/api/api_base.py -------------------------------------------------------------------------------- /output/leonidas/api/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/output/leonidas/api/utils.py -------------------------------------------------------------------------------- /output/leonidas/pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/output/leonidas/pyproject.toml -------------------------------------------------------------------------------- /output/mkdocs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/output/mkdocs.yml -------------------------------------------------------------------------------- /runtime.txt: -------------------------------------------------------------------------------- 1 | 3.8 -------------------------------------------------------------------------------- /sigma-pipeline-kubernetes-to-elk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/sigma-pipeline-kubernetes-to-elk.yml -------------------------------------------------------------------------------- /template-definition.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ReversecLabs/leonidas/HEAD/template-definition.yml --------------------------------------------------------------------------------