├── IDEAS.md
├── README.md
└── RSS.md

/IDEAS.md:

[![Follow on Twitter](https://img.shields.io/twitter/follow/opendevsecops.svg?logo=twitter)](https://twitter.com/opendevsecops)

# Ideas

We are full of ideas which are not yet executed. **They are free to steal!** But if you want to make the world a better place you will use the OpenDevSecOps platform to make them real.

* [Defensive Security](#defensive-security)
* [Offensive Security](#offensive-security)

## Defensive Security

This is our bread and butter.

**SIEM** - a cloud-based SIEM built on common technologies such as ElasticSearch. Seriously, this is going to be a game changer for many organisations. The solution should also come with built-in use-cases.

**CVE search** - define a list of technologies you want to monitor and get notifications (Slack, email, SMS, etc.) when a positive match is found. This will help you get notified of vulnerabilities as soon as they are made official.

**Temp shell** - a fully working remote shell with extra logging. This could be something like xterm.js over WebSockets. The idea is that the shell logs everything to stdout, which in turn gets logged in CloudWatch, etc. Additional post-processing rules can be applied to the logs to do whatever your heart desires.

**Access bot** - a bot that can give you temporary access to cloud resources when asked. Not bullet-proof security, but at least it is transparent, especially if used over a public channel on Slack. At least everyone knows who does what.

**Secure drop** - companies share files with 3rd-party services with dubious T&Cs and crazy security. This solution is to provide an off-the-shelf, Dropbox-like solution for sharing files.
We need a bucket, SFTP, a static site for uploading and a well-defined process for doing the encryption with keys, not 7zip passwords.

**Config snapshot** - a tool plus some supporting infrastructure to take periodic config snapshots of the entire cloud setup. AWS Config does that already, but do we trust it? People know ways to evade it! This tool can be based on NCC's ScoutSuite. Each snapshot can be compared with previous snapshots to detect changes.

**AWS Forensics** - an infrastructure to support forensic analysis in AWS. I don't know fully what this will look like, but it sounds like something we need. Traditional forensics simply does not work well enough in the cloud. The project could define common use-cases and provide specific solutions for them.

**Security News Bot** - why manually keep everyone informed on Slack and other channels when you can automate the process? A bot will keep you informed about what is going on 24/7. The bot can also come with a configurable set of rules and filters. Perhaps we can deploy it in the OpenDevSecOps channel first.

**Bad Actors** - consume the public feeds from FireHOL and produce files in S3. Use the files to feed GuardDuty and other tools in order to quickly identify bad actors. I know, GuardDuty allegedly does something like this already, but can we trust it?

**Fake Profile Detector** - automate the process of finding fake profiles (LinkedIn) claiming to be the company or to work for the company. LinkedIn does not provide this automatically.

**Dependency Catalog** - create a dependency and artefact catalog to identify vulnerabilities. Performing security checks at build time is cool, but if you don't build frequently you get nothing. This tool/infrastructure is designed to solve this problem by building a catalog of all dependencies and constantly checking them for vulnerabilities.
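The **Bad Actors** idea above has a small, concrete core: parse a FireHOL netset, throw away the entries that would only generate noise, collapse overlapping ranges, and write one IP or CIDR per line, which is the plaintext format GuardDuty threat lists accept. The following is an added example, not OpenDevSecOps code. The feed body is a constructed sample in netset syntax (the real feeds live at https://github.com/firehol/blocklist-ipsets), the `EXCLUDE` policy is an assumption, and fetching the feed and uploading the result to S3 are left outside the snippet so it runs offline.

```python
"""Bad Actors: turn a FireHOL netset feed into a GuardDuty-style threat list.

Added example, not OpenDevSecOps code. SAMPLE_NETSET is a constructed feed
body in FireHOL's netset format; fetching the real feeds and uploading the
result to S3 happen outside this snippet.
"""
import ipaddress

# Constructed sample: '#' starts a comment, one IP or CIDR per line. Level-1
# style feeds include bogons such as 0.0.0.0/8 and 10.0.0.0/8 which, fed to
# GuardDuty verbatim, would flag ordinary internal traffic.
SAMPLE_NETSET = """\
# firehol_level1.netset (constructed sample, not the real feed)
#
# Maintainer : FireHOL team
0.0.0.0/8
10.0.0.0/8
192.0.2.0/24
192.0.2.0/25     # overlaps the /24 above
198.51.100.7
not-an-ip
2001:db8::/32
"""

# Ranges that never belong in a threat list (assumed policy, tune to taste):
# anything inside them, or anything wide enough to contain them, is noise.
EXCLUDE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7",
)]


def parse_netset(text):
    """Yield ip_network objects from a netset body, skipping comments and junk."""
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not entry:
            continue
        try:
            yield ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue   # malformed line: drop it rather than poison the whole list


def is_excluded(net):
    """True if net sits inside, or swallows, one of the EXCLUDE ranges."""
    return any(net.version == ex.version and (net.subnet_of(ex) or net.supernet_of(ex))
               for ex in EXCLUDE)


def build_threat_list(text):
    """Return threat-list lines: filtered, overlaps collapsed, one entry per line."""
    keep = [n for n in parse_netset(text) if not is_excluded(n)]
    lines = []
    for version in (4, 6):   # collapse_addresses refuses mixed address families
        same_family = [n for n in keep if n.version == version]
        for net in ipaddress.collapse_addresses(same_family):
            # GuardDuty's plaintext list format is one IP or CIDR per line;
            # write host routes as bare addresses so the file reads naturally.
            if net.prefixlen == net.max_prefixlen:
                lines.append(str(net.network_address))
            else:
                lines.append(str(net))
    return lines


def diff_lists(previous, current):
    """What changed between two generations of the list (new vs dropped entries)."""
    prev, cur = set(previous), set(current)
    return {"added": sorted(cur - prev), "removed": sorted(prev - cur)}


if __name__ == "__main__":
    current = build_threat_list(SAMPLE_NETSET)
    print("\n".join(current))
    # Pretend the previous run produced a slightly different list.
    print(diff_lists(["198.51.100.7", "203.0.113.9"], current))
```

The `diff_lists` step is what makes a periodic job worth logging: a feed that suddenly adds a whole /8, or drops most of its entries, is itself an event you want to see before GuardDuty starts acting on it.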
**Automatic subscription to HIBP** - create a fully automated solution for subscribing to HIBP and instantiating handlers that report when accounts turn up in password leaks.

**Malicious domain detector** - anyone can register a domain name that looks like yours, so how do you find them? Well, this tool/infrastructure will help you do just that.

**Rota** - some people need access to things when they are on rota. This module is supposed to automate that process. Add the desired people to the rota and set their permissions. The tool will do the rest.

**Basic SOC** - people spend millions on SOCs that do nothing, and this is about to change. This module is envisioned to provide solutions to this age-old problem.

**Log grep** - a serverless infrastructure for grepping the logs. Sometimes you just need to find keywords to create pretty simple but clever ad-hoc solutions.

**Country/Office lock** - sometimes you need to lock down access to your AWS account to a specific country/office. This module is supposed to help you set this up.

**Suspicious alarms** - monitor networks for traffic spikes. Set up alarms to help you flag these automatically.

**Killer** - the best type of infrastructure is the one that defends itself. This module will provide features to kill various types of resources such as EC2 instances, Lambda functions, etc. The idea is that you can invoke the killer if you think that the detected event is highly suspicious. This could cause some downtime if not configured properly, but if properly configured it will make your environment super hostile to attack.

**Camouflage** - a Lambda@Edge function to hide the real application from non-standard user-agents. This will make pentesting so much more difficult. We can even detect when somebody is doing something crazy and actively throw them at time-wasting resources.
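What **Camouflage** looks like as a Lambda@Edge viewer-request function, as an added example rather than OpenDevSecOps code: browsers pass through, known scanner User-Agents are silently rewritten to a decoy path, and empty or unrecognised clients get a 404 generated at the edge without ever reaching the origin. The event and response shapes are CloudFront's viewer-request format; the scanner fingerprint list, `DECOY_URI` and `make_event`'s sample request are assumptions. One caveat worth stating plainly: this is obscurity, not access control. A tester who sets a browser User-Agent walks straight through, so the value is in the tripwire (a hit on the decoy is a high-signal alert), not in the wall.

```python
"""Camouflage: Lambda@Edge viewer-request handler hiding the app from non-browsers.

Added example, not OpenDevSecOps code. Event/response layout follows the
CloudFront Lambda@Edge viewer-request format; SCANNER_PATTERNS, DECOY_URI and
make_event's sample data are assumptions for illustration.
"""
import re

# Fingerprints of common automated tooling (assumed list; extend as needed).
SCANNER_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\bsqlmap\b", r"\bnikto\b", r"\bnmap\b", r"\bmasscan\b", r"\bcurl/",
    r"python-requests", r"\bburp\b", r"\bwfuzz\b", r"\bgobuster\b", r"\bdirbuster\b",
)]
# Rough heuristic for "a real browser sent this".
BROWSER_HINT = re.compile(r"Mozilla/\d|Chrome/|Safari/|Firefox/|Edg/", re.IGNORECASE)

# Where suspicious clients get sent: a slow, endless, fake site (assumption).
DECOY_URI = "/decoy/index.html"


def classify_user_agent(user_agent):
    """Return 'scanner', 'browser' or 'unknown' for a User-Agent string."""
    if not user_agent:
        return "unknown"
    if any(p.search(user_agent) for p in SCANNER_PATTERNS):
        return "scanner"          # checked first: a scanner may also spoof Mozilla/
    if BROWSER_HINT.search(user_agent):
        return "browser"
    return "unknown"


def _header(request, name):
    """CloudFront lower-cases header names; each value is a list of {key, value}."""
    values = request.get("headers", {}).get(name.lower(), [])
    return values[0]["value"] if values else ""


def handler(event, context=None):
    """Lambda@Edge viewer-request entry point."""
    request = event["Records"][0]["cf"]["request"]
    verdict = classify_user_agent(_header(request, "User-Agent"))

    if verdict == "browser":
        return request            # pass through unchanged

    if verdict == "scanner":
        # Waste the tool's time: route it to the decoy instead of the real app.
        request["uri"] = DECOY_URI
        request["querystring"] = ""
        return request

    # Empty/unknown UA: answer as if nothing is here. Returning a response
    # object from a viewer-request function never touches the origin.
    return {
        "status": "404",
        "statusDescription": "Not Found",
        "headers": {"content-type": [{"key": "Content-Type", "value": "text/plain"}]},
        "body": "Not Found",
    }


def make_event(user_agent, uri="/api/users"):
    """Minimal CloudFront viewer-request event (constructed sample, not a capture)."""
    headers = {"host": [{"key": "Host", "value": "app.example.com"}]}
    if user_agent is not None:
        headers["user-agent"] = [{"key": "User-Agent", "value": user_agent}]
    return {"Records": [{"cf": {
        "config": {"eventType": "viewer-request"},
        "request": {"method": "GET", "uri": uri, "querystring": "id=1", "headers": headers},
    }}]}


if __name__ == "__main__":
    for ua in ("Mozilla/5.0 (X11; Linux x86_64) Firefox/117.0",
               "sqlmap/1.7.9#stable (https://sqlmap.org)",
               None):
        print(repr(ua), "->", handler(make_event(ua)))
```

Log the `scanner` and `unknown` verdicts (CloudFront delivers the function's stdout to CloudWatch in the region that served the request) and you get the "detect when somebody is doing something crazy" half of the idea for free.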
**Sandbox** - a module to help you set up a proper sandbox environment that gets nuked at a scheduled interval. You can use this to test cloud components at minimal cost.

**Bucketeer** - a module to help you reserve common S3 bucket names and other named resources. Some attackers will park your domains and bucket names, so we need this infrastructure to help mitigate against that.

**AWS++** - better AWS tools. Perhaps base them on top of SecApps' awesome UI or use Pown.js terminal UI features.

**AWS Config Rules** - a collection of extended AWS Config rules. The more the better.

**Exfiltrator Detection** - a tool to be deployed in a supposedly secure VPC to detect the means by which data can be exfiltrated. For example, can we use ICMP, UDP and DNS to exfiltrate data if TCP is blocked? What other TCP ports are allowed, etc.

**GitHub Search** - a tool to search GitHub for intelligence. GitHub is full of useful stuff. Automating the process of finding useful intelligence on GitHub will be really interesting and could reap great rewards.

**VULNMAN** - a cloud-ready vulnerability management solution. Might not be worth it, considering that you can manage this from Jira or something similar.

**Discovery Bot** - a bot (probably Slack) to help you get answers to questions such as what instances there are, and so on. This might be suboptimal and not a great security practice, but in some situations it will be better if it helps reduce access to production environments.

**Insider Threat Detection** - infrastructure to help you spread breadcrumbs such as URLs, emails and what not in order to detect insider threat attacks. It might help if we can also schedule how we want to spread the breadcrumbs so that everything is fully automated.

**API Honeytokens** - probably a serverless function that, once invoked, will trigger an alert. The idea is that you can embed the function in AWS API Gateway.
If someone is trying to poke at your API you will be immediately notified. This could also be linked to other actions, like getting the offender blocked or throttled.

**Binaryalert** - like Airbnb's BinaryAlert but without the drama. The idea of automatically detecting malicious files in an S3 bucket is pretty generic and something that can be easily done with a bit of automation.

**Lambda Layer** - a Lambda layer to provide default security enhancements for serverless functions.

## Offensive Security

You cannot defend without understanding offense.

**Pentest box** - it is what it sounds like. Additionally, the box can be configured to be started in specific windows for specific purposes. For example, launching pentesting infrastructure in your prod environment is not a particularly great idea, but perhaps the risk is mitigated if the box is only available for a limited period of time to complete a particular task.

**Automated scout** - does the recon and everything else under the sun to identify potential weaknesses. The solution can be run continuously to ensure that whatever is disclosed online cannot be used in various attack scenarios.

**Cloud backdoors** - a collection of cloud backdoors. If we don't implement them, how are we going to detect them? We cannot, so don't judge.

**Phishing automator** - will help with running internal phishing exercises. Can it be used to cause damage? Of course. But we are not helping if we don't implement it; we would be ignoring the problem, if nothing else.

**APT automator** - some tools can be dynamically set up to perform APT-style attacks. Metasploit comes to mind as the default solution, but it could be anything really.

**Offensive Search** - an Elasticsearch infrastructure for random indexes of data that can be used for offensive and perhaps defensive security.
Imagine you are aggregating a lot of interesting data but you don't know how to make sense of it. This could be the tool for the job.

**VPN/SSH/Proxy Hopper** - simple container infrastructure to hop into a VPC remotely. This can be used to gain direct access to a well-guarded network.

**Infector** - a fully automated tool to propagate across cloud environments. This is for demo purposes only. This idea is heavily inspired by [Monkey](https://github.com/guardicore/monkey). The difference is that it should be written in Go instead of Python so that it is easier to copy around, and better cross-platform. If time allows, Rust will be welcome too.

**Creds Collector** - run a low-cost search infrastructure for dumps of previously disclosed data breaches. Sometimes it is useful to have that level of intelligence, although it is technically crossing the line.

**GPU Cracker** - GPU-powered infrastructure for cracking hashes. If you have a dump of hashes, instruct a dynamically instantiated infrastructure to crack it for you. The module could come with some useful limits, such as running the infrastructure for no longer than the allocated time before it becomes too costly.

**Collaborator** - when working in teams you need to collaborate. This is meant to set up all the necessary resources to provide a suitable environment for sharing and archiving.

**RedBaron** - we copy and improve the RedBaron tool. It looks interesting, but I think it needs some improvements that will only make sense for this project.
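Going back to the **API Honeytokens** idea in the Defensive Security section: the function behind the API Gateway route needs to do three things, record who touched it, raise the alert, and optionally block the source, while answering like a boring real endpoint so the caller learns nothing. Below is an added example of that handler, not OpenDevSecOps code. The event layout is API Gateway's Lambda proxy integration format; the in-memory alert and block sinks, `BLOCK_AFTER_HITS` and the `make_event` sample data are assumptions. A deployment would point the sinks at SNS or Slack and a WAF IP set; those boto3 calls are left out so the example runs offline.

```python
"""API Honeytokens: a Lambda behind API Gateway whose only job is to alert
(and optionally block the caller) when anything touches it.

Added example, not OpenDevSecOps code. The event shape is API Gateway's
Lambda proxy integration format; the alert/block sinks, BLOCK_AFTER_HITS and
make_event's sample data are assumptions for illustration.
"""
import hashlib
import json
import time

ALERTS = []           # default alert sink: collect in memory (SNS/Slack in real life)
BLOCKED_IPS = set()   # default block sink: stand-in for a WAF IP set

# A honeytoken route has no legitimate callers, so one touch is enough to
# block (assumption; raise it if the route is reachable by crawlers).
BLOCK_AFTER_HITS = 1
_hits = {}            # per-container memory; a real deployment would count in DynamoDB


def _headers(event):
    """Header names are case-insensitive; normalise so lookups are reliable."""
    return {k.lower(): v for k, v in (event.get("headers") or {}).items()}


def _source_ip(event, default=""):
    return event.get("requestContext", {}).get("identity", {}).get("sourceIp", default)


def fingerprint(event):
    """Stable id for a source so repeated hits collapse to one actor."""
    ip = _source_ip(event)
    ua = _headers(event).get("user-agent", "")
    return hashlib.sha256(f"{ip}|{ua}".encode()).hexdigest()[:16]


def build_alert(event, now=None):
    """Everything an analyst needs to triage the hit, without copying secrets."""
    headers = _headers(event)
    auth = headers.get("authorization", "")
    return {
        "time": int(time.time()) if now is None else now,
        "type": "honeytoken.api.hit",
        "source_ip": _source_ip(event, "unknown"),
        "user_agent": headers.get("user-agent", ""),
        "method": event.get("httpMethod", ""),
        "path": event.get("path", ""),
        "query": event.get("queryStringParameters") or {},
        # Enough to tell which planted token was used, not enough to replay it.
        "credential_hint": auth[:12] if auth else None,
        "fingerprint": fingerprint(event),
    }


def handler(event, context=None, alert_sink=ALERTS.append, block_sink=BLOCKED_IPS.add):
    """API Gateway proxy entry point for the honeytoken route."""
    alert = build_alert(event)
    alert_sink(alert)

    key = alert["fingerprint"]
    _hits[key] = _hits.get(key, 0) + 1
    if _hits[key] >= BLOCK_AFTER_HITS and alert["source_ip"] != "unknown":
        block_sink(alert["source_ip"])

    # Look like a dull real endpoint: the detection already happened and the
    # response must not hint that this route is special.
    return {
        "statusCode": 401,
        "headers": {"Content-Type": "application/json", "WWW-Authenticate": "Bearer"},
        "body": json.dumps({"message": "Unauthorized"}),
    }


def make_event(source_ip, user_agent, authorization=None,
               path="/v1/internal/export", method="GET"):
    """Minimal API Gateway proxy event (constructed sample, not a capture)."""
    headers = {"User-Agent": user_agent}
    if authorization:
        headers["Authorization"] = authorization
    return {
        "httpMethod": method, "path": path, "headers": headers,
        "queryStringParameters": {"page": "1"},
        "requestContext": {"identity": {"sourceIp": source_ip}},
    }


if __name__ == "__main__":
    evt = make_event("203.0.113.9", "python-requests/2.31", "Bearer hb-planted-token-0001")
    print(handler(evt))
    print(ALERTS[-1], sorted(BLOCKED_IPS))
```

The `credential_hint` field is what turns this from a path honeypot into a credential honeytoken: plant distinct fake bearer tokens in different places (a wiki page, a repo, a laptop) and the prefix in the alert tells you which one was picked up.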
/README.md:

[![Follow on Twitter](https://img.shields.io/twitter/follow/opendevsecops.svg?logo=twitter)](https://twitter.com/opendevsecops)
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/277fadaed0e340e98b044c9b924f9bfa)](https://www.codacy.com/app/OpenDevSecOps/lobby?utm_source=github.com&utm_medium=referral&utm_content=opendevsecops/lobby&utm_campaign=Badge_Grade)

# OpenDevSecOps

Our mission is to deliver readily-available security solutions to organizations large and small.

## Why

Everything that we do is to empower and educate people everywhere so that, together, we can build a more secure and fairer digital world.

## How

We do this by creating readily-available and free defensive and offensive DevOps security solutions using existing and new OpenDevSecOps methodologies.

## What

All security solutions are free to download and use in your personal projects and at work.

## Getting Started

If you have come to this place you are most certainly interested in what we are building. Here are a few ways to get started:

* All solutions are open source and free to use. Download away!
* You are welcome to make any changes your heart desires. Simply fork the code and make a pull request.
* Don't understand what this is? Have a look at some of the [ideas](IDEAS.md) we currently have.
* Join the team and make your own projects. The Slack [channel](https://join.slack.com/t/opendevsecops/shared_invite/enQtNDg5NTAyNzAwNDk3LTBiM2VkMmU5MjllMTNhMTEyMzlmZDJlZGMyNDIzOTQzNzdhOTczODBiOTlhY2RhZDM0NmM4MjE1MTA0MTM0OGI) is a great way to reach us.
* You have something interesting to say? You can contribute to our [blog](https://github.com/opendevsecops/www).
* Try to meet the team.
We are social beings.
* Simply join the conversation. Sharing is caring and we would love to hear from you.

## Repositories

We actively contribute to the following repositories:

* [Code Repository](https://github.com/opendevsecops)
* [Terraform Registry](https://registry.terraform.io/modules/opendevsecops)
* [Docker Hub](https://hub.docker.com/u/opendevsecops)

## Elsewhere

You can also find us hanging out at the following places:

* [Twitter](https://twitter.com/opendevsecops)
* [Slack](https://join.slack.com/t/opendevsecops/shared_invite/enQtNDg5NTAyNzAwNDk3LTBiM2VkMmU5MjllMTNhMTEyMzlmZDJlZGMyNDIzOTQzNzdhOTczODBiOTlhY2RhZDM0NmM4MjE1MTA0MTM0OGI)

## Contributors

OpenDevSecOps is not possible without the support of the following advisors and contributors:

### pdp

* https://pdparchitect.github.io/www/
* https://twitter.com/pdp

## Sponsors

OpenDevSecOps is not possible without the generous sponsorship of the following companies and organisations:

* [SecApps](https://secapps.org) - Online Security Tools
* [Websecurify](https://websecurify.com) - Information Security Toolkit

_Contact us if you want to support further development of OpenDevSecOps._

/RSS.md:

[![Follow on Twitter](https://img.shields.io/twitter/follow/opendevsecops.svg?logo=twitter)](https://twitter.com/opendevsecops)

# RSS

A curated list of docs, tutorials and other training information about DevSecOps.
## Osquery

* [osquery Across the Enterprise](https://medium.com/palantir/osquery-across-the-enterprise-3c3c9d13ec55)
* [Securing Docker Containers via Osquery and Kubernetes](https://www.slideshare.net/Uptycs/securing-docker-containers-via-osquery-and-kubernetes)

## Random

* [Netflix Information Security: Preventing Credential Compromise in AWS](https://medium.com/netflix-techblog/netflix-information-security-preventing-credential-compromise-in-aws-41b112c15179)
* [Effective Security Pipeline](https://alex.kaskaso.li/post/effective-security-pipeline)

## Podcasts

* [Epic Failures in DevSecOps](https://soundcloud.com/owasp-podcast/epic-failures-in-devsecops-w-aubrey-stearn)

## Contribute

Have you seen or read something useful? Add it to this page!