I maintain or contribute to multiple open source projects, the most significant of which are described below.
Leonidas is a framework for automating execution of attacker actions in the cloud. It was developed as part of my work on attack detection in cloud-native environments at WithSecure (previously F-Secure Consulting). It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties. These definitions can then be compiled into:
- A web API exposing each test case as an individual endpoint, deployed as a serverless function into the relevant cloud provider. This is built by an automatically created CI/CD pipeline.
- Sigma rules (https://github.com/Neo23x0/sigma) for detection
- Documentation - see http://detectioninthe.cloud/ for an example
The architecture for a typical Leonidas deployment can be seen below. This is all deployed using the Terraform included in the repository.
To simplify management of my testing systems, I developed a set of Packer templates and Vagrant files to automatically build a clean and up-to-date Kali Linux virtual machine. These can be found here: https://github.com/NJonesUK/kali-packer-vagrant
As part of this, I also maintain collections of Ansible roles for installing a wide variety of tools. These can be found at:
- Dev tools: https://github.com/NJonesUK/ansible-collection-dev
- Security tools: https://github.com/NJonesUK/ansible-collection-security