Jason Ostrom

I’m super pumped to release v1.0 of my free Azure security tool (PurpleCloud) in the hopes that it will be useful to the InfoSec community evolving the so called “Purple Teaming” in the cloud! Website: purplecloud.network

📣 Registration is OPEN for Hack & Defend Summit! Join @Steph3nSim & @SecHubb on Oct 28-29 in Austin, TX, when Red & Blue unite to learn from each other, build better strategies, & create stronger defenses against real-world threats. ➡️ Learn More: sans.org/u/1AWB

@fabian_bader @derdanu @fabian_bader Nice tool. Here is my cli tool GH: github.com/iknowjason/edge

@fabian_bader @derdanu Very nice little web app tool. FYI, I coded a golang binary cli tool that hits the same Azure IP ranges endpoint. Good for a detection engineering enrichment for performant lookups at scale, single IP address, or large list. Supports multiple cloud providers and services.

Do you know the Azure IP Ranges site by @derdanu ? It's a great tool to filter IP ranges by service and even download them in different formats. azureipranges.azurewebsites.net

@fabian_bader @derdanu Github: github.com/iknowjason/edge

@mosesrenegade @fabian_bader Very interesting little tool. Edge already gathers all Azure IP ranges from the same endpoint. It's just a CLI tool for performant lookups at scale, single IP address or a large list.

@securitypuck it appears Edge could have a new feature. @fabian_bader I would also recommend looking at this little binary: github.com/iknowjason/edge

I just published this article - "Sentinel for Purple Teaming" link.medium.com/C8sVTqvNVNb Automates logging configuration to Sentinel. AD deployment. Explores different Managed Identities from a pentester lens. #CloudSecurity #Azure #pentest #PurpleTeam

You can run injects of user behavior and create the telemetry that will make your training very realistic. "GHOSTS Playground" is released under a permissive MIT license, allowing you control over what you do with it. Roll up your sleeves and check it out! PRs welcome and the docs show you how to customize.

Use this to conduct your own research for building out NPCs using LLMs. Build your own pentest learning lab, or use it to create a Purple Teaming lab or class. I've focused on the API and building out three options to use the NPC endpoints.

Releasing this security lab environment called "GHOSTS Playground" - it implements the "GHOSTS framework" - what is GHOSTS? Read on... github.com/cmu-sei/GHOSTS #purpleteaming #pentest

@pwnEIP That’s awesome. I remember our adventures. You teaching?

In this modern age, battles are fought on many fronts. In Chapter 1 of the Aviata Cloud Solo Flight Challenge workshop series, @mosesrenegade will show you how to look at a target organization's misconfigured public items, and more. ✍️ Register now: sans.org/u/1uWv

@rootsecdev @SANSInstitute The link has been fixed for this @SANSOffensive workshop. The link was never supposed to expire. Generated a new link that shouldn't. Sorry about that. Here it is again: sans.org/webcasts/sans-…

Unfortunately the link expired to this old @SANSInstitute workshop. Would be super awesome if someone over at SANS posted the ova again or hosted a new free workshop to get folks interested in offensive cloud ops. That would be awesome 😎

@rootsecdev @SANSInstitute @SANSInstitute could we bring back that OVA link? I'll work on restoring the lab.purplecloud.network. I accidentally deleted the VPS hosting it.

@rootsecdev Hey saw your note over to @mosesrenegade . Believe it or not, I had that lab permanently hosted on a site and accidentally deleted it. Let me see if I can bring it back up soon. There was a workbook for it. I'll also ping SANS to see if they can bring back the OVA link.

If you do have a M365 dev tenant and want to get started with building out labs for red teams. Highly recommend this SANS free on demand course. SANS Workshop – Building an Azure Pentest Lab for Red Teams sans.org/webcasts/sans-…

Changes: * Added TLS hosting with new Caldera 5.0 VueJS app. Fixed an issue missing in Caldera docs preventing remote hosting. * Verified proper API for sending abilities against an agent. Added to terraform cheat sheet. * Removed Prelude Operator

Just released an update to my Adversary-as-Code automated security lab. But seriously :-). Updated to latest Caldera 5.0 update. Added API cheat sheet in terraform for sending abilities. Been playing with sending techniques over an API, lots of potential here for automation + offensive security engineering...#mitre #purpleteaming