IncidentResponseGenerator

This application simulates an attack on AWS infrastructure. It was built for the Securosis/Cloud Security Alliance Advanced Cloud Security Practitioner training class.

This code is designed to be run inside an instance with an IAM role with admin privileges. Some caveats:

How we use this in training

We publish a public AMI with this app pre-loaded. Students run a CloudFormation template that creates a new IAM role and instance profile, then launches an instance with the AMI, where the code runs on initial boot. This takes a few minutes, and then we have the students attempt to contain and respond to the simulated attack. No network exposures are created and no secrets are leaked.

This version was created for an exercise that should take about an hour, including launch, response, cleanup, and discussion.

Future plans

  1. Add additional attack types for an upcoming advanced incident response class we are working on.
  2. Create a cleaner script.
  3. Add command line arguments for which attacks to include or exclude.