├── .github └── workflows │ ├── docs.yaml │ ├── gcloud-app-deploy.yaml │ └── gh-action.yaml ├── .gitignore ├── IntroducingTheDeRF.pdf ├── LICENSE.md ├── README.md ├── SECURITY.md ├── attack-techniques ├── aws │ ├── credential-access │ │ ├── ec2-get-password-data │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── locals.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── ec2-steal-instance-credentials │ │ │ ├── attack.tf │ │ │ ├── ec2-infra.tf │ │ │ ├── locals.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── secretsmanager-retrieve-secrets │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── ssm-retrieve-securestring-parameters │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ ├── defense-evasion │ │ ├── cloudtrail-delete │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── cloudtrail-event-selectors │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── cloudtrail-lifecycle-rule │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── cloudtrail-stop │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── organizations-leave │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── vpc-remove-flow-logs │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── locals.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ ├── discovery │ │ ├── ec2-execute-discovery-commands │ │ │ ├── attack.tf │ │ │ ├── ec2-infra.tf │ │ │ ├── locals.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── ec2-get-user-data │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ ├── execution │ │ ├── ec2-launch-unusual-instances │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── locals.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── ec2-modify-user-data │ │ │ ├── attack.tf │ │ │ ├── ec2-infra.tf │ │ │ ├── locals.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ ├── exfiltration │ │ ├── ec2-ami-share-snapshot │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── ec2-security-group-open-port-22-ingress │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── locals.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── ec2-share-ebs-snapshot │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── locals.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── rds-share-snapshot │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ ├── impact │ │ ├── s3-ransomware-batch-deletion │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── s3-ransomware-client-side-encryption │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── s3-objects │ │ │ ├── sample_n02.txt │ │ │ ├── sample_n03.txt │ │ │ ├── sample_n04.txt │ │ │ ├── sample_n05.txt │ │ │ ├── sample_n06.txt │ │ │ ├── sample_n07.txt │ │ │ ├── sample_n08.txt │ │ │ ├── sample_n09.txt │ │ │ ├── sample_n10.txt │ │ │ └── sample_n11.csv │ │ │ ├── variables.tf │ │ │ └── versions.tf │ ├── initial-access │ │ └── console-login-without-mfa │ │ │ ├── attack.tf │ │ │ ├── infra.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ ├── permissions-required │ │ └── iam-permissions.tf │ ├── perpetual-range-resources │ │ ├── cloudtrail.tf │ │ ├── common-network-resources.tf │ │ ├── ec2-infra.tf │ │ ├── iam-for-ec2.tf │ │ └── outputs.tf │ └── persistence │ │ └── iam-create-admin-user │ │ ├── attack.tf │ │ ├── infra.tf │ │ ├── variables.tf │ │ └── versions.tf └── gcp │ ├── exfiltration │ ├── bq-data-exfiltration-via-job-toc │ │ ├── attack.tf │ │ ├── infra.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── share-compute-disk │ │ ├── attack.tf │ │ ├── infra.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── impact │ └── bq-data-deletion │ │ ├── attack.tf │ │ ├── infra.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── impersonate-attacker-sa │ ├── attack.tf │ ├── infra.tf │ ├── variables.tf │ └── versions.tf │ ├── perpetual-range-resources │ ├── bigquery-resources.tf │ ├── iam.tf │ ├── outputs.tf │ ├── sample_bq_schema.json │ ├── variables.tf │ └── versions.tf │ ├── persistence │ └── backdoor-service-account │ │ ├── attack.tf │ │ ├── infra.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── privilege-escalation │ └── impersonate-service-accounts │ ├── attack.tf │ ├── infra.tf │ ├── locals.tf │ ├── variables.tf │ └── versions.tf ├── attacks-internal └── sample-attack │ ├── attack.tf │ ├── iam-permissions.tf │ ├── infra.tf │ └── variables.tf ├── aws-proxy-app ├── Dockerfile ├── README.md ├── app.py ├── cloudbuild.yaml ├── requirements.txt ├── run.sh └── setup.txt ├── derf-deployment ├── aws-derf-execution-users │ ├── README.header.md │ ├── README.md │ ├── iam-users-accessKeys.tf │ ├── iam-users.tf │ ├── locals.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── gcp-aws-proxy-app │ ├── README.header.md │ ├── README.md │ ├── cloud-run.tf │ ├── iam.tf │ ├── locals.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── gcp-bootstrapping │ ├── README.header.md │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── gcp-derf-execution-users │ ├── iam.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── gcp-derf-user-secrets │ ├── iam.tf │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── gcp-gcloud-app │ ├── cloud-run.tf │ ├── iam.tf │ ├── locals.tf │ ├── variables.tf │ └── versions.tf ├── docs ├── CNAME ├── Deployment │ ├── deployment-permissions.md │ └── derf-deployment.md ├── attack-techniques │ ├── aws │ │ ├── aws-console-login-without-mfa.md │ │ ├── cloudtrail-delete.md │ │ ├── cloudtrail-event-selectors.md │ │ ├── cloudtrail-lifecycle-rules.md │ │ ├── cloudtrail-stop.md │ │ ├── ec2-ami-share-snapshot.md │ │ ├── ec2-execute-discovery-commands.md │ │ ├── ec2-get-password-data.md │ │ ├── ec2-get-user-data.md │ │ ├── ec2-launch-unusual-instances.md │ │ ├── ec2-modify-user-data.md │ │ ├── ec2-security-group-open-port-22-ingress.md │ │ ├── ec2-share-ebs-snapshot.md │ │ ├── ec2-steal-instance-credentials.md │ │ ├── index.md │ │ ├── organizations-leave.md │ │ ├── rds-share-snapshot.md │ │ ├── secretsmanager-retrieve-secrets.md │ │ ├── ssm-retrieve-securestring-parameters.md │ │ └── vpc-remove-flow-log.md │ ├── gcp │ │ ├── backdoor-service-account.md │ │ ├── bq-data-exfiltration-via-job.md │ │ ├── impersonate-service-accounts.md │ │ ├── index.md │ │ └── share-compute-disk.md │ └── list.md ├── comparison.md ├── contributing.md ├── faq.md ├── images │ ├── ConnectRespository.png │ ├── DeRF Architecture.png │ ├── DeRF_Default_User.png │ ├── DeRF_Deployment_User.png │ ├── DeRF_Execution_User01.png │ ├── DeRF_Execution_User02.png │ ├── Derf_AWS-IAM-Role.png │ ├── Repositories.png │ ├── SelectRepository.png │ ├── architecture_diagram.png │ ├── cloudtrail-lifecyle-rules.png │ ├── compute.disks.setiampolicy.png │ ├── connect-cloudbuild-to-repo.png │ ├── connect-github-repo.png │ ├── derf-gcp-architecture-notes.png │ ├── derf-gcp-architecture.png │ ├── derf-personas - sa01.png │ ├── derf-personas - sa02.png │ ├── diagram_key.png │ ├── ec2-launch-unusual-instances.png │ ├── ec2-security-group-open-port-22-ingress.png │ ├── ec2-share-ami.png │ ├── ec2-share-ebs-snapshot.png │ ├── error_configuring_backend.png │ ├── execute-button-2.png │ ├── execute-button.png │ ├── iam.serviceaccount.serIAMPolicy.png │ ├── impersonate-sa.png │ ├── jobserviceGetQueryResults.png │ ├── jobserviceInsert.png │ ├── paste-json.png │ ├── rds-share-snapshot-2.png │ ├── rds-share-snapshot.png │ ├── select-a-user.png │ ├── select-a-workflow.png │ ├── terraform-destroy.png │ ├── update-adc.png │ └── workflow-error-1.png ├── index.md ├── index.yaml ├── stylesheets │ └── extra.css └── user-guide │ ├── attack-execution-access-control.md │ ├── aws-attack-creation.md │ ├── execution-user-permissions.md │ ├── getting-started.md │ ├── programmatic-usage.md │ ├── troubleshooting.md │ └── usage.md ├── env-prod ├── TEMPLATE.conf ├── TEMPLATE.tfvars ├── aws-attack-techniques-internal.tf ├── aws-attack-techniques.tf ├── aws-derf-deployment.tf ├── backend.tf ├── context.tf ├── derf-mgmt-tools.tf ├── gcp-attack-techniques.tf ├── gcp-derf-deployment.tf ├── locals.tf ├── outputs.tf ├── providers.tf ├── variables.tf └── versions.tf ├── gcloud-app ├── Dockerfile ├── README.md ├── app.py ├── cloudbuild.yaml ├── requirements.txt ├── run.sh └── setup.txt ├── images ├── derf-personas - sa01.png ├── derf-personas - sa02.png ├── execute-button-2.png ├── execute-button.png ├── paste-json.png ├── select-a-user.png └── select-a-workflow.png ├── mgmt-tools ├── README.md ├── list-users-provisioning-tool │ ├── list-custom-users.tf │ ├── variables.tf │ └── versions.tf ├── user-deprovisioning-tool │ ├── user-deprovisioning.tf │ ├── variables.tf │ └── versions.tf └── user-provisioning-tool │ ├── user-provisioning.tf │ ├── variables.tf │ └── versions.tf └── mkdocs.yaml /.github/workflows/docs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/.github/workflows/docs.yaml -------------------------------------------------------------------------------- /.github/workflows/gcloud-app-deploy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/.github/workflows/gcloud-app-deploy.yaml -------------------------------------------------------------------------------- /.github/workflows/gh-action.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/.github/workflows/gh-action.yaml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/.gitignore -------------------------------------------------------------------------------- /IntroducingTheDeRF.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/IntroducingTheDeRF.pdf -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/LICENSE.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/SECURITY.md -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ec2-get-password-data/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ec2-get-password-data/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ec2-get-password-data/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ec2-get-password-data/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ec2-get-password-data/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ec2-get-password-data/locals.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ec2-get-password-data/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ec2-get-password-data/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ec2-get-password-data/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ec2-get-password-data/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ec2-steal-instance-credentials/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ec2-steal-instance-credentials/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ec2-steal-instance-credentials/ec2-infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ec2-steal-instance-credentials/ec2-infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ec2-steal-instance-credentials/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ec2-steal-instance-credentials/locals.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ec2-steal-instance-credentials/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ec2-steal-instance-credentials/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ec2-steal-instance-credentials/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ec2-steal-instance-credentials/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/secretsmanager-retrieve-secrets/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/secretsmanager-retrieve-secrets/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/secretsmanager-retrieve-secrets/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/secretsmanager-retrieve-secrets/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/secretsmanager-retrieve-secrets/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/secretsmanager-retrieve-secrets/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/secretsmanager-retrieve-secrets/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/secretsmanager-retrieve-secrets/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ssm-retrieve-securestring-parameters/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ssm-retrieve-securestring-parameters/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ssm-retrieve-securestring-parameters/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ssm-retrieve-securestring-parameters/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ssm-retrieve-securestring-parameters/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ssm-retrieve-securestring-parameters/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/credential-access/ssm-retrieve-securestring-parameters/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/credential-access/ssm-retrieve-securestring-parameters/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-delete/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-delete/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-delete/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-delete/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-delete/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-delete/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-delete/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-delete/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-event-selectors/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-event-selectors/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-event-selectors/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-event-selectors/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-event-selectors/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-event-selectors/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-event-selectors/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-event-selectors/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-lifecycle-rule/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-lifecycle-rule/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-lifecycle-rule/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-lifecycle-rule/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-lifecycle-rule/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-lifecycle-rule/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-lifecycle-rule/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-lifecycle-rule/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-stop/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-stop/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-stop/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-stop/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-stop/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-stop/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/cloudtrail-stop/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/cloudtrail-stop/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/organizations-leave/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/organizations-leave/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/organizations-leave/infra.tf: -------------------------------------------------------------------------------- 1 | ## None Required -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/organizations-leave/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/organizations-leave/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/organizations-leave/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/organizations-leave/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/vpc-remove-flow-logs/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/vpc-remove-flow-logs/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/vpc-remove-flow-logs/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/vpc-remove-flow-logs/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/vpc-remove-flow-logs/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/vpc-remove-flow-logs/locals.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/vpc-remove-flow-logs/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/vpc-remove-flow-logs/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/defense-evasion/vpc-remove-flow-logs/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/defense-evasion/vpc-remove-flow-logs/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/discovery/ec2-execute-discovery-commands/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/discovery/ec2-execute-discovery-commands/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/discovery/ec2-execute-discovery-commands/ec2-infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/discovery/ec2-execute-discovery-commands/ec2-infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/discovery/ec2-execute-discovery-commands/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/discovery/ec2-execute-discovery-commands/locals.tf -------------------------------------------------------------------------------- /attack-techniques/aws/discovery/ec2-execute-discovery-commands/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/discovery/ec2-execute-discovery-commands/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/discovery/ec2-execute-discovery-commands/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/discovery/ec2-execute-discovery-commands/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/discovery/ec2-get-user-data/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/discovery/ec2-get-user-data/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/discovery/ec2-get-user-data/infra.tf: -------------------------------------------------------------------------------- 1 | ## None required -------------------------------------------------------------------------------- /attack-techniques/aws/discovery/ec2-get-user-data/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/discovery/ec2-get-user-data/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/discovery/ec2-get-user-data/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/discovery/ec2-get-user-data/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/execution/ec2-launch-unusual-instances/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/execution/ec2-launch-unusual-instances/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/execution/ec2-launch-unusual-instances/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/execution/ec2-launch-unusual-instances/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/execution/ec2-launch-unusual-instances/locals.tf: -------------------------------------------------------------------------------- 1 | ## None -------------------------------------------------------------------------------- /attack-techniques/aws/execution/ec2-launch-unusual-instances/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/execution/ec2-launch-unusual-instances/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/execution/ec2-launch-unusual-instances/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/execution/ec2-launch-unusual-instances/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/execution/ec2-modify-user-data/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/execution/ec2-modify-user-data/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/execution/ec2-modify-user-data/ec2-infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/execution/ec2-modify-user-data/ec2-infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/execution/ec2-modify-user-data/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/execution/ec2-modify-user-data/locals.tf -------------------------------------------------------------------------------- /attack-techniques/aws/execution/ec2-modify-user-data/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/execution/ec2-modify-user-data/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/execution/ec2-modify-user-data/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/execution/ec2-modify-user-data/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-ami-share-snapshot/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-ami-share-snapshot/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-ami-share-snapshot/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-ami-share-snapshot/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-ami-share-snapshot/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-ami-share-snapshot/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-ami-share-snapshot/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-ami-share-snapshot/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/locals.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-security-group-open-port-22-ingress/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-share-ebs-snapshot/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-share-ebs-snapshot/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-share-ebs-snapshot/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-share-ebs-snapshot/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-share-ebs-snapshot/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-share-ebs-snapshot/locals.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-share-ebs-snapshot/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-share-ebs-snapshot/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/ec2-share-ebs-snapshot/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/ec2-share-ebs-snapshot/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/rds-share-snapshot/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/rds-share-snapshot/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/rds-share-snapshot/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/rds-share-snapshot/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/rds-share-snapshot/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/rds-share-snapshot/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/exfiltration/rds-share-snapshot/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/exfiltration/rds-share-snapshot/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-batch-deletion/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-batch-deletion/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-batch-deletion/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-batch-deletion/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-batch-deletion/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-batch-deletion/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-batch-deletion/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-batch-deletion/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n02.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n02.txt -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n03.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n03.txt -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n04.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n04.txt -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n05.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n05.txt -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n06.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n06.txt -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n07.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n07.txt -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n08.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n08.txt -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n09.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n09.txt -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n10.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n10.txt -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n11.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/s3-objects/sample_n11.csv -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/impact/s3-ransomware-client-side-encryption/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/impact/s3-ransomware-client-side-encryption/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/initial-access/console-login-without-mfa/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/initial-access/console-login-without-mfa/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/initial-access/console-login-without-mfa/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/initial-access/console-login-without-mfa/infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/initial-access/console-login-without-mfa/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/initial-access/console-login-without-mfa/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/initial-access/console-login-without-mfa/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/initial-access/console-login-without-mfa/versions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/permissions-required/iam-permissions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/permissions-required/iam-permissions.tf -------------------------------------------------------------------------------- /attack-techniques/aws/perpetual-range-resources/cloudtrail.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/perpetual-range-resources/cloudtrail.tf -------------------------------------------------------------------------------- /attack-techniques/aws/perpetual-range-resources/common-network-resources.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/perpetual-range-resources/common-network-resources.tf -------------------------------------------------------------------------------- /attack-techniques/aws/perpetual-range-resources/ec2-infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/perpetual-range-resources/ec2-infra.tf -------------------------------------------------------------------------------- /attack-techniques/aws/perpetual-range-resources/iam-for-ec2.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/perpetual-range-resources/iam-for-ec2.tf -------------------------------------------------------------------------------- /attack-techniques/aws/perpetual-range-resources/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/perpetual-range-resources/outputs.tf -------------------------------------------------------------------------------- /attack-techniques/aws/persistence/iam-create-admin-user/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/persistence/iam-create-admin-user/attack.tf -------------------------------------------------------------------------------- /attack-techniques/aws/persistence/iam-create-admin-user/infra.tf: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /attack-techniques/aws/persistence/iam-create-admin-user/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/persistence/iam-create-admin-user/variables.tf -------------------------------------------------------------------------------- /attack-techniques/aws/persistence/iam-create-admin-user/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/aws/persistence/iam-create-admin-user/versions.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/exfiltration/bq-data-exfiltration-via-job-toc/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/exfiltration/bq-data-exfiltration-via-job-toc/attack.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/exfiltration/bq-data-exfiltration-via-job-toc/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/exfiltration/bq-data-exfiltration-via-job-toc/infra.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/exfiltration/bq-data-exfiltration-via-job-toc/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/exfiltration/bq-data-exfiltration-via-job-toc/variables.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/exfiltration/bq-data-exfiltration-via-job-toc/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/exfiltration/bq-data-exfiltration-via-job-toc/versions.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/exfiltration/share-compute-disk/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/exfiltration/share-compute-disk/attack.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/exfiltration/share-compute-disk/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/exfiltration/share-compute-disk/infra.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/exfiltration/share-compute-disk/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/exfiltration/share-compute-disk/variables.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/exfiltration/share-compute-disk/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/exfiltration/share-compute-disk/versions.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/impact/bq-data-deletion/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/impact/bq-data-deletion/attack.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/impact/bq-data-deletion/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/impact/bq-data-deletion/infra.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/impact/bq-data-deletion/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/impact/bq-data-deletion/variables.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/impact/bq-data-deletion/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/impact/bq-data-deletion/versions.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/impersonate-attacker-sa/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/impersonate-attacker-sa/attack.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/impersonate-attacker-sa/infra.tf: -------------------------------------------------------------------------------- 1 | ## None required -------------------------------------------------------------------------------- /attack-techniques/gcp/impersonate-attacker-sa/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/impersonate-attacker-sa/variables.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/impersonate-attacker-sa/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/impersonate-attacker-sa/versions.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/perpetual-range-resources/bigquery-resources.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/perpetual-range-resources/bigquery-resources.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/perpetual-range-resources/iam.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/perpetual-range-resources/iam.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/perpetual-range-resources/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/perpetual-range-resources/outputs.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/perpetual-range-resources/sample_bq_schema.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/perpetual-range-resources/sample_bq_schema.json -------------------------------------------------------------------------------- /attack-techniques/gcp/perpetual-range-resources/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/perpetual-range-resources/variables.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/perpetual-range-resources/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/perpetual-range-resources/versions.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/persistence/backdoor-service-account/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/persistence/backdoor-service-account/attack.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/persistence/backdoor-service-account/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/persistence/backdoor-service-account/infra.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/persistence/backdoor-service-account/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/persistence/backdoor-service-account/variables.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/persistence/backdoor-service-account/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/persistence/backdoor-service-account/versions.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/privilege-escalation/impersonate-service-accounts/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/privilege-escalation/impersonate-service-accounts/attack.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/privilege-escalation/impersonate-service-accounts/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/privilege-escalation/impersonate-service-accounts/infra.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/privilege-escalation/impersonate-service-accounts/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/privilege-escalation/impersonate-service-accounts/locals.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/privilege-escalation/impersonate-service-accounts/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/privilege-escalation/impersonate-service-accounts/variables.tf -------------------------------------------------------------------------------- /attack-techniques/gcp/privilege-escalation/impersonate-service-accounts/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attack-techniques/gcp/privilege-escalation/impersonate-service-accounts/versions.tf -------------------------------------------------------------------------------- /attacks-internal/sample-attack/attack.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attacks-internal/sample-attack/attack.tf -------------------------------------------------------------------------------- /attacks-internal/sample-attack/iam-permissions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attacks-internal/sample-attack/iam-permissions.tf -------------------------------------------------------------------------------- /attacks-internal/sample-attack/infra.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attacks-internal/sample-attack/infra.tf -------------------------------------------------------------------------------- /attacks-internal/sample-attack/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/attacks-internal/sample-attack/variables.tf -------------------------------------------------------------------------------- /aws-proxy-app/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/aws-proxy-app/Dockerfile -------------------------------------------------------------------------------- /aws-proxy-app/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/aws-proxy-app/README.md -------------------------------------------------------------------------------- /aws-proxy-app/app.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/aws-proxy-app/app.py -------------------------------------------------------------------------------- /aws-proxy-app/cloudbuild.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/aws-proxy-app/cloudbuild.yaml -------------------------------------------------------------------------------- /aws-proxy-app/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/aws-proxy-app/requirements.txt -------------------------------------------------------------------------------- /aws-proxy-app/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | export FLASK_APP=src/app.py 3 | flask run 4 | -------------------------------------------------------------------------------- /aws-proxy-app/setup.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/aws-proxy-app/setup.txt -------------------------------------------------------------------------------- /derf-deployment/aws-derf-execution-users/README.header.md: -------------------------------------------------------------------------------- 1 | # AWS - DeRF Execution Users & Permissions -------------------------------------------------------------------------------- /derf-deployment/aws-derf-execution-users/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/aws-derf-execution-users/README.md -------------------------------------------------------------------------------- /derf-deployment/aws-derf-execution-users/iam-users-accessKeys.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/aws-derf-execution-users/iam-users-accessKeys.tf -------------------------------------------------------------------------------- /derf-deployment/aws-derf-execution-users/iam-users.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/aws-derf-execution-users/iam-users.tf -------------------------------------------------------------------------------- /derf-deployment/aws-derf-execution-users/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | account_id = var.aws_primary_id 3 | } -------------------------------------------------------------------------------- /derf-deployment/aws-derf-execution-users/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/aws-derf-execution-users/outputs.tf -------------------------------------------------------------------------------- /derf-deployment/aws-derf-execution-users/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/aws-derf-execution-users/variables.tf -------------------------------------------------------------------------------- /derf-deployment/aws-derf-execution-users/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/aws-derf-execution-users/versions.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-aws-proxy-app/README.header.md: -------------------------------------------------------------------------------- 1 | # DeRF Deployment 2 | ## GCP - AWS Proxy Application 3 | -------------------------------------------------------------------------------- /derf-deployment/gcp-aws-proxy-app/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-aws-proxy-app/README.md -------------------------------------------------------------------------------- /derf-deployment/gcp-aws-proxy-app/cloud-run.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-aws-proxy-app/cloud-run.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-aws-proxy-app/iam.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-aws-proxy-app/iam.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-aws-proxy-app/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-aws-proxy-app/locals.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-aws-proxy-app/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-aws-proxy-app/outputs.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-aws-proxy-app/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-aws-proxy-app/variables.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-aws-proxy-app/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-aws-proxy-app/versions.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-bootstrapping/README.header.md: -------------------------------------------------------------------------------- 1 | # DeRF Deployment 2 | -------------------------------------------------------------------------------- /derf-deployment/gcp-bootstrapping/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-bootstrapping/README.md -------------------------------------------------------------------------------- /derf-deployment/gcp-bootstrapping/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-bootstrapping/locals.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-bootstrapping/main.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-bootstrapping/main.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-bootstrapping/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-bootstrapping/variables.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-bootstrapping/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-bootstrapping/versions.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-derf-execution-users/iam.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-derf-execution-users/iam.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-derf-execution-users/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-derf-execution-users/outputs.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-derf-execution-users/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-derf-execution-users/variables.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-derf-execution-users/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-derf-execution-users/versions.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-derf-user-secrets/iam.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-derf-user-secrets/iam.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-derf-user-secrets/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-derf-user-secrets/locals.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-derf-user-secrets/main.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-derf-user-secrets/main.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-derf-user-secrets/outputs.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-derf-user-secrets/outputs.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-derf-user-secrets/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-derf-user-secrets/variables.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-derf-user-secrets/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-derf-user-secrets/versions.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-gcloud-app/cloud-run.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-gcloud-app/cloud-run.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-gcloud-app/iam.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-gcloud-app/iam.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-gcloud-app/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-gcloud-app/locals.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-gcloud-app/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-gcloud-app/variables.tf -------------------------------------------------------------------------------- /derf-deployment/gcp-gcloud-app/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/derf-deployment/gcp-gcloud-app/versions.tf -------------------------------------------------------------------------------- /docs/CNAME: -------------------------------------------------------------------------------- 1 | thederf.cloud -------------------------------------------------------------------------------- /docs/Deployment/deployment-permissions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/Deployment/deployment-permissions.md -------------------------------------------------------------------------------- /docs/Deployment/derf-deployment.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/Deployment/derf-deployment.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/aws-console-login-without-mfa.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/aws-console-login-without-mfa.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/cloudtrail-delete.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/cloudtrail-delete.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/cloudtrail-event-selectors.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/cloudtrail-event-selectors.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/cloudtrail-lifecycle-rules.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/cloudtrail-lifecycle-rules.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/cloudtrail-stop.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/cloudtrail-stop.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/ec2-ami-share-snapshot.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/ec2-ami-share-snapshot.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/ec2-execute-discovery-commands.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/ec2-execute-discovery-commands.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/ec2-get-password-data.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/ec2-get-password-data.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/ec2-get-user-data.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/ec2-get-user-data.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/ec2-launch-unusual-instances.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/ec2-launch-unusual-instances.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/ec2-modify-user-data.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/ec2-modify-user-data.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/ec2-security-group-open-port-22-ingress.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/ec2-security-group-open-port-22-ingress.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/ec2-share-ebs-snapshot.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/ec2-share-ebs-snapshot.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/ec2-steal-instance-credentials.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/ec2-steal-instance-credentials.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/index.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/organizations-leave.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/organizations-leave.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/rds-share-snapshot.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/rds-share-snapshot.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/secretsmanager-retrieve-secrets.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/secretsmanager-retrieve-secrets.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/ssm-retrieve-securestring-parameters.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/ssm-retrieve-securestring-parameters.md -------------------------------------------------------------------------------- /docs/attack-techniques/aws/vpc-remove-flow-log.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/aws/vpc-remove-flow-log.md -------------------------------------------------------------------------------- /docs/attack-techniques/gcp/backdoor-service-account.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/gcp/backdoor-service-account.md -------------------------------------------------------------------------------- /docs/attack-techniques/gcp/bq-data-exfiltration-via-job.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/gcp/bq-data-exfiltration-via-job.md -------------------------------------------------------------------------------- /docs/attack-techniques/gcp/impersonate-service-accounts.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/gcp/impersonate-service-accounts.md -------------------------------------------------------------------------------- /docs/attack-techniques/gcp/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/gcp/index.md -------------------------------------------------------------------------------- /docs/attack-techniques/gcp/share-compute-disk.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/gcp/share-compute-disk.md -------------------------------------------------------------------------------- /docs/attack-techniques/list.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/attack-techniques/list.md -------------------------------------------------------------------------------- /docs/comparison.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/comparison.md -------------------------------------------------------------------------------- /docs/contributing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/contributing.md -------------------------------------------------------------------------------- /docs/faq.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/faq.md -------------------------------------------------------------------------------- /docs/images/ConnectRespository.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/ConnectRespository.png -------------------------------------------------------------------------------- /docs/images/DeRF Architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/DeRF Architecture.png -------------------------------------------------------------------------------- /docs/images/DeRF_Default_User.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/DeRF_Default_User.png -------------------------------------------------------------------------------- /docs/images/DeRF_Deployment_User.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/DeRF_Deployment_User.png -------------------------------------------------------------------------------- /docs/images/DeRF_Execution_User01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/DeRF_Execution_User01.png -------------------------------------------------------------------------------- /docs/images/DeRF_Execution_User02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/DeRF_Execution_User02.png -------------------------------------------------------------------------------- /docs/images/Derf_AWS-IAM-Role.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/Derf_AWS-IAM-Role.png -------------------------------------------------------------------------------- /docs/images/Repositories.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/Repositories.png -------------------------------------------------------------------------------- /docs/images/SelectRepository.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/SelectRepository.png -------------------------------------------------------------------------------- /docs/images/architecture_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/architecture_diagram.png -------------------------------------------------------------------------------- /docs/images/cloudtrail-lifecyle-rules.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/cloudtrail-lifecyle-rules.png -------------------------------------------------------------------------------- /docs/images/compute.disks.setiampolicy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/compute.disks.setiampolicy.png -------------------------------------------------------------------------------- /docs/images/connect-cloudbuild-to-repo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/connect-cloudbuild-to-repo.png -------------------------------------------------------------------------------- /docs/images/connect-github-repo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/connect-github-repo.png -------------------------------------------------------------------------------- /docs/images/derf-gcp-architecture-notes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/derf-gcp-architecture-notes.png -------------------------------------------------------------------------------- /docs/images/derf-gcp-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/derf-gcp-architecture.png -------------------------------------------------------------------------------- /docs/images/derf-personas - sa01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/derf-personas - sa01.png -------------------------------------------------------------------------------- /docs/images/derf-personas - sa02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/derf-personas - sa02.png -------------------------------------------------------------------------------- /docs/images/diagram_key.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/diagram_key.png -------------------------------------------------------------------------------- /docs/images/ec2-launch-unusual-instances.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/ec2-launch-unusual-instances.png -------------------------------------------------------------------------------- /docs/images/ec2-security-group-open-port-22-ingress.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/ec2-security-group-open-port-22-ingress.png -------------------------------------------------------------------------------- /docs/images/ec2-share-ami.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/ec2-share-ami.png -------------------------------------------------------------------------------- /docs/images/ec2-share-ebs-snapshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/ec2-share-ebs-snapshot.png -------------------------------------------------------------------------------- /docs/images/error_configuring_backend.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/error_configuring_backend.png -------------------------------------------------------------------------------- /docs/images/execute-button-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/execute-button-2.png -------------------------------------------------------------------------------- /docs/images/execute-button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/execute-button.png -------------------------------------------------------------------------------- /docs/images/iam.serviceaccount.serIAMPolicy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/iam.serviceaccount.serIAMPolicy.png -------------------------------------------------------------------------------- /docs/images/impersonate-sa.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/impersonate-sa.png -------------------------------------------------------------------------------- /docs/images/jobserviceGetQueryResults.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/jobserviceGetQueryResults.png -------------------------------------------------------------------------------- /docs/images/jobserviceInsert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/jobserviceInsert.png -------------------------------------------------------------------------------- /docs/images/paste-json.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/paste-json.png -------------------------------------------------------------------------------- /docs/images/rds-share-snapshot-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/rds-share-snapshot-2.png -------------------------------------------------------------------------------- /docs/images/rds-share-snapshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/rds-share-snapshot.png -------------------------------------------------------------------------------- /docs/images/select-a-user.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/select-a-user.png -------------------------------------------------------------------------------- /docs/images/select-a-workflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/select-a-workflow.png -------------------------------------------------------------------------------- /docs/images/terraform-destroy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/terraform-destroy.png -------------------------------------------------------------------------------- /docs/images/update-adc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/update-adc.png -------------------------------------------------------------------------------- /docs/images/workflow-error-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/images/workflow-error-1.png -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/index.md -------------------------------------------------------------------------------- /docs/index.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/index.yaml -------------------------------------------------------------------------------- /docs/stylesheets/extra.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/stylesheets/extra.css -------------------------------------------------------------------------------- /docs/user-guide/attack-execution-access-control.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/user-guide/attack-execution-access-control.md -------------------------------------------------------------------------------- /docs/user-guide/aws-attack-creation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/user-guide/aws-attack-creation.md -------------------------------------------------------------------------------- /docs/user-guide/execution-user-permissions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/user-guide/execution-user-permissions.md -------------------------------------------------------------------------------- /docs/user-guide/getting-started.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/user-guide/getting-started.md -------------------------------------------------------------------------------- /docs/user-guide/programmatic-usage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/user-guide/programmatic-usage.md -------------------------------------------------------------------------------- /docs/user-guide/troubleshooting.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/user-guide/troubleshooting.md -------------------------------------------------------------------------------- /docs/user-guide/usage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/docs/user-guide/usage.md -------------------------------------------------------------------------------- /env-prod/TEMPLATE.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/TEMPLATE.conf -------------------------------------------------------------------------------- /env-prod/TEMPLATE.tfvars: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/TEMPLATE.tfvars -------------------------------------------------------------------------------- /env-prod/aws-attack-techniques-internal.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/aws-attack-techniques-internal.tf -------------------------------------------------------------------------------- /env-prod/aws-attack-techniques.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/aws-attack-techniques.tf -------------------------------------------------------------------------------- /env-prod/aws-derf-deployment.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/aws-derf-deployment.tf -------------------------------------------------------------------------------- /env-prod/backend.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/backend.tf -------------------------------------------------------------------------------- /env-prod/context.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/context.tf -------------------------------------------------------------------------------- /env-prod/derf-mgmt-tools.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/derf-mgmt-tools.tf -------------------------------------------------------------------------------- /env-prod/gcp-attack-techniques.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/gcp-attack-techniques.tf -------------------------------------------------------------------------------- /env-prod/gcp-derf-deployment.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/gcp-derf-deployment.tf -------------------------------------------------------------------------------- /env-prod/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/locals.tf -------------------------------------------------------------------------------- /env-prod/outputs.tf: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /env-prod/providers.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/providers.tf -------------------------------------------------------------------------------- /env-prod/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/variables.tf -------------------------------------------------------------------------------- /env-prod/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/env-prod/versions.tf -------------------------------------------------------------------------------- /gcloud-app/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/gcloud-app/Dockerfile -------------------------------------------------------------------------------- /gcloud-app/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/gcloud-app/README.md -------------------------------------------------------------------------------- /gcloud-app/app.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/gcloud-app/app.py -------------------------------------------------------------------------------- /gcloud-app/cloudbuild.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/gcloud-app/cloudbuild.yaml -------------------------------------------------------------------------------- /gcloud-app/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/gcloud-app/requirements.txt -------------------------------------------------------------------------------- /gcloud-app/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | export FLASK_APP=src/app.py 3 | flask run 4 | -------------------------------------------------------------------------------- /gcloud-app/setup.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/gcloud-app/setup.txt -------------------------------------------------------------------------------- /images/derf-personas - sa01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/images/derf-personas - sa01.png -------------------------------------------------------------------------------- /images/derf-personas - sa02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/images/derf-personas - sa02.png -------------------------------------------------------------------------------- /images/execute-button-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/images/execute-button-2.png -------------------------------------------------------------------------------- /images/execute-button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/images/execute-button.png -------------------------------------------------------------------------------- /images/paste-json.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/images/paste-json.png -------------------------------------------------------------------------------- /images/select-a-user.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/images/select-a-user.png -------------------------------------------------------------------------------- /images/select-a-workflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/images/select-a-workflow.png -------------------------------------------------------------------------------- /mgmt-tools/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/mgmt-tools/README.md -------------------------------------------------------------------------------- /mgmt-tools/list-users-provisioning-tool/list-custom-users.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/mgmt-tools/list-users-provisioning-tool/list-custom-users.tf -------------------------------------------------------------------------------- /mgmt-tools/list-users-provisioning-tool/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/mgmt-tools/list-users-provisioning-tool/variables.tf -------------------------------------------------------------------------------- /mgmt-tools/list-users-provisioning-tool/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/mgmt-tools/list-users-provisioning-tool/versions.tf -------------------------------------------------------------------------------- /mgmt-tools/user-deprovisioning-tool/user-deprovisioning.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/mgmt-tools/user-deprovisioning-tool/user-deprovisioning.tf -------------------------------------------------------------------------------- /mgmt-tools/user-deprovisioning-tool/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/mgmt-tools/user-deprovisioning-tool/variables.tf -------------------------------------------------------------------------------- /mgmt-tools/user-deprovisioning-tool/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/mgmt-tools/user-deprovisioning-tool/versions.tf -------------------------------------------------------------------------------- /mgmt-tools/user-provisioning-tool/user-provisioning.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/mgmt-tools/user-provisioning-tool/user-provisioning.tf -------------------------------------------------------------------------------- /mgmt-tools/user-provisioning-tool/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/mgmt-tools/user-provisioning-tool/variables.tf -------------------------------------------------------------------------------- /mgmt-tools/user-provisioning-tool/versions.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/mgmt-tools/user-provisioning-tool/versions.tf -------------------------------------------------------------------------------- /mkdocs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vectra-ai-research/derf/HEAD/mkdocs.yaml --------------------------------------------------------------------------------