Cloud Incident and Response Simulations
Cloud Droid is a platform designed to manage Incident and Response Simulations; you can execute controlled actions that let you test your Incident Response plan in realistic scenarios.
The main goal of Cloud Droid is to provide red teaming exercises as code, generating simulations against attack scenarios and highlighting possible failures in your incident response plan. The tests are called Smokers, each one executing real actions and then cleaning up the resources created during execution.
The system is currently available for AWS, but it is intended to be extended to other cloud platforms.
Run the published image (credentials are passed through from the environment):

```bash
docker run --rm \
  -e AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY \
  -e AWS_SESSION_TOKEN \
  -e AWS_DEFAULT_REGION=us-east-1 \
  cloudsniper/cloud-droid:latest -s XXXX -b XXXX
```

Or build the image locally and run it:

```bash
docker build -t cloud-droid .
docker run --rm \
  -e AWS_ACCESS_KEY_ID \
  -e AWS_SECRET_ACCESS_KEY \
  -e AWS_DEFAULT_REGION=us-east-1 \
  cloud-droid -s XXXX -b XXXX
```
You must use the -s option to select the Smoker to run.

| -s | Description |
|---|---|
| all | Run all Smokers |
| test | Test Cloud Droid |
| sg | Create an open security group |
| pa | Multiple authentication failures in a Palo Alto VPN portal. Must configure pano_url in smoker/PanAuthSmoker.py |
| au | Create an administrator user |
| aca | Multiple authentication failures in the AWS console. Must configure account_id in smoker/awsConsoleAuthSmoker.py |
| ctr | Create a CloudTrail trail |
| s3p | Create a public S3 bucket |
| esb | Create a public EBS snapshot. Must configure a snapshot ID in smoker/EBSPublicSmoker (line 27) |

Use the -b option to choose where the results are written.

| -b | Description |
|---|---|
| true | Store the results in an S3 bucket |
| false | Print the output to the console |
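A Smoker is only useful if its actions show up in your telemetry, so a natural companion check is a detection pass over CloudTrail. The following Python is an added example, not part of Cloud Droid: it maps CloudTrail events to the sg, au, s3p, esb and aca Smokers. The API calls each Smoker is assumed to make, the event field shapes and the failure threshold are my assumptions, and the events are constructed samples.

```python
from collections import Counter

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
CONSOLE_FAIL_THRESHOLD = 3  # assumed: alert once one IP has this many console failures

def matches_sg(ev):
    # sg Smoker: AuthorizeSecurityGroupIngress that opens a rule to 0.0.0.0/0
    perms = ev.get("requestParameters", {}).get("ipPermissions", {}).get("items", [])
    return ev.get("eventName") == "AuthorizeSecurityGroupIngress" and any(
        r.get("cidrIp") == "0.0.0.0/0" for p in perms for r in p.get("ipRanges", {}).get("items", []))

def matches_au(ev):
    # au Smoker: AttachUserPolicy with the AWS-managed AdministratorAccess policy
    arn = ev.get("requestParameters", {}).get("policyArn", "")
    return ev.get("eventName") == "AttachUserPolicy" and arn.endswith(":policy/AdministratorAccess")

def matches_s3p(ev):
    # s3p Smoker: PutBucketAcl granting to the AllUsers group (public bucket)
    acl = ev.get("requestParameters", {}).get("AccessControlPolicy", {}).get("AccessControlList", {})
    return ev.get("eventName") == "PutBucketAcl" and any(
        g.get("Grantee", {}).get("URI") == ALL_USERS for g in acl.get("Grant", []))

def matches_esb(ev):
    # esb Smoker: ModifySnapshotAttribute adding createVolumePermission for group "all"
    perm = ev.get("requestParameters", {}).get("createVolumePermission", {})
    return ev.get("eventName") == "ModifySnapshotAttribute" and any(
        a.get("group") == "all" for a in perm.get("add", {}).get("items", []))

RULES = {"sg": matches_sg, "au": matches_au, "s3p": matches_s3p, "esb": matches_esb}

def detect_smokers(events):
    """Return {smoker: [eventID, ...]}; aca maps to the offending source IPs instead."""
    hits, failures = {}, Counter()
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.setdefault(name, []).append(ev["eventID"])
        resp = ev.get("responseElements") or {}  # aca Smoker: repeated ConsoleLogin failures per IP
        if ev.get("eventName") == "ConsoleLogin" and resp.get("ConsoleLogin") == "Failure":
            failures[ev["sourceIPAddress"]] += 1
    aca = [ip for ip, n in failures.items() if n >= CONSOLE_FAIL_THRESHOLD]
    return {**hits, "aca": aca} if aca else hits

SAMPLE_EVENTS = [  # constructed sample, not real CloudTrail output; only the fields the rules use
    {"eventID": "e1", "eventName": "AuthorizeSecurityGroupIngress", "requestParameters": {
        "ipPermissions": {"items": [{"ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventID": "e2", "eventName": "AttachUserPolicy",
     "requestParameters": {"policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
] + [{"eventID": f"l{i}", "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
      "responseElements": {"ConsoleLogin": "Failure"}} for i in range(3)]
```

Calling `detect_smokers(SAMPLE_EVENTS)` reports the sg, au and aca Smokers; a Smoker that runs without appearing in this output is a gap in the detection side of the response plan.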
We welcome all contributions, suggestions, and feedback, so please do not hesitate to reach out.
Ways you can contribute:
This project adheres to the Linux Foundation Code of Conduct available on the event page. By participating, you are expected to honor this code.