  • Stars
    485
  • Rank 90,698 (Top 2 %)
  • Language
    Python
  • License
    MIT License
  • Created over 4 years ago
  • Updated 9 months ago

Repository Details

A little tool to play with Azure Identity - Azure Active Directory lab creation tool

Documentation

Terraform code generator to create different Azure security labs.

For full documentation visit: https://www.purplecloud.network

Changelog

11/18/22: Updated managed_identity.py and aadjoin.py

  • On managed_identity.py, changed the default VM size to A1v2 for lower cost.
  • On aadjoin.py, changed the default Azure AD password to remove special characters.

11/3/22: Added new terraform generators: ADFS & AADJoin

  • Added a new Terraform Generator: adfs.py. This builds a Federation ADFS lab with a DC.
  • Added a new Terraform Generator: aadjoin.py. This builds an Azure AD Join lab with Windows 10 managed devices.
  • Moves all generators into separate sub-directories for cleaner separation of terraform resources and state, ease of use
  • Remove archive directory for older templates
  • Drops AAD connect msi on desktop of ADFS server
  • Adds PurpleSharp to always download on Windows 10 Pro: ad.py, sentinel.py
  • Updated bootstrap scripts to always expand-archive: ad.py, sentinel.py

9/8/22: Updated managed identity generator for automated white listing of source IP.

  • Fixed one issue with new directory name for Windows 10
  • Changed managed_identity.py to use new automatic white listing using http data resource of ifconfig.me

9/6/22: Updated Azure AD Connect on Domain Controller.

  • Customizable Azure AD Connect msi included in files/dc folder.
  • Updates AAD Connect MSI to version 2.x
  • Automatic upload/download to DC's local administrator Desktop

9/2/22: Added support for custom CSV files for loading your own AD users, groups, and OUs into AD DS.

  • Import your own CSV file with --csv file.csv. It must conform to the specific format described in the "How AD Builds on the DC" section.
  • Supported for both sentinel.py and ad.py AD DS code generators.

9/1/22: Removed local-exec and ansible! Customizable files! Upgraded Sysmon and Velociraptor.

  • Removed local-exec and ansible dependencies. All post configuration management is done with user-data and bash/powershell.
  • Changed all files in range (winlogbeat, sysmon, sysmon-config) to be self-contained and customizable for upload to/from a storage container.
  • Upgraded Sysmon to v14 and the latest SwiftOnSecurity Sysmon-Config
  • Upgraded Velociraptor to v6.5.2

8/4/22: Updated Sentinel Lab for Active Directory Build + Ship Sysmon and Security Logs into Sentinel!

Build an Azure Sentinel lab with optional support for shipping Windows 10 Sysmon and Security logs into Sentinel Log Analytics Workspace. Optionally build Active Directory with Domain Join.

8/2/22: Added a new Terraform Generator: Phishing Application

You can quickly spin up a multi-tenant Azure AD application to be used for app consent phishing simulations. It automatically builds typical API consent permissions such as reading email and files, but can be customized for any supported permissions you require.

7/18/22: Added three new Terraform Generators: Azure Sentinel, Azure Storage, Azure Managed Identity

Create three new security labs for different use cases. You can quickly spin up an Azure Sentinel security lab, an Azure storage account with file shares, containers, blobs, and sample files. This also includes an Azure Key Vault with resources. Or create an Azure managed identity security lab for offensive operations and network defenders. See the full documentation for more details.

5/13/22: Added Service Principal abuse attack primitives optional support

Added support to dynamically add some Service Principal abuse attack primitives. This includes dynamically adding an Application Administrator to a random Azure AD user (-aa), a Privileged role admin to a random application SP (-pra), as well as a Global admin role target to a random application SP (-ga). See the azure_ad.py usage examples below for more information. We also added attack scripts for the service principal abuse scenario in attack_scripts directory.

2/14/22: Valentine's Day Updates: Python terraform generator

PurpleCloud has changed! Introducing a Terraform generator using python. Instead of offering terraform templates that have to be manually edited, the starting point is a Python terraform generator. The python scripts will create your own custom terraform files based on user input. The terraform template files have been moved to archive.

More Repositories

  1. Awesome-CloudSec-Labs (1,321 stars)
     Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.

  2. edge (Go, 150 stars)
     Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.

  3. AutomatedEmulation (HCL, 145 stars)
     An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed.

  4. AriaCloud (HCL, 131 stars)
     A Docker container for remote penetration testing.

  5. BlueCloud (HTML, 122 stars)
     Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

  6. voiphopper (Roff, 63 stars)
     VoIP Hopper Network Penetration Testing Tool - Jumping from one VLAN to the next! A network infrastructure penetration testing security tool. A tool to test for the (in)security of VLANs. It can mimic the behavior of IP Phones to better understand business risks within an IP Telephony network infrastructure. VoIP Hopper is included in Kali Linux. This site is for up-to-date code. Documentation website:

  7. Velociraptor_Azure (HCL, 20 stars)
     A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small Velociraptor R&D lab.

  8. hammer (Ruby, 18 stars)
     An example of a mis-configured Rails application released under MIT license.

  9. masscan_nmap (Python, 10 stars)
     Automating masscan and nmap together.

  10. CMLab (HCL, 9 stars)
      Configuration Management (CM) Security Playground. A small enterprise security lab to practice automation + CM tooling like Ansible, Chef, Puppet, DSCv2, DSCv3, SaltStack.

  11. azrecon (Shell, 6 stars)
      Az Enum & Recon Cheat Sheet

  12. MacLab (HCL, 6 stars)
      Multi-use Terraform template to quickly spin up a Mac Lab in AWS!

  13. conferences (3 stars)
      Community contributions to SANS, DEFCON, ShmooCon, and ToorCon.

  14. BlueTools (3 stars)

  15. nmap_nse (Lua, 3 stars)
      Some nmap NSE scripts for testing web applications for sensitive credentials and API keys that can sometimes be inadvertently exposed through environment variables or other mis-configurations.

  16. HELK_Azure (HCL, 2 stars)
      A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small HELK R&D lab in Azure.

  17. spb (Python, 1 star)
      Shortest Path Bridging (SPB-Mac) vulnerability testing scripts. Used in a network pentest to enumerate a new vuln (CVE-2016-2783) in Avaya VOSS Ethernet switches.

  18. for608-dev (Shell, 1 star)

  19. sniffm (Python, 1 star)
      VoIP Sniffer for MGCP protocol