Security offerings for AWS Control Tower

Last update: Oct 22, 2021

Overview

Caylent Security Catalyst Reference Architecture Examples

This repository contains solutions for Caylent's Security Catalyst. The Security Catalyst is an additional offering to our customized AWS Control Tower Solution. This Security Solutions will help your organization deploy AWS security-related services in a multi-account environment following patterns that align with the AWS Security Reference Architecture.

The resources created in these solutions have IAM roles and policies that following the practice of least priveledge. They will need to be modified to suit your organization's needs.

The examples within this repository have been deployed and tested using the corresponding deployment platform (e.g. AWS Control Tower and AWS CloudFormation StackSets).

Security Catalyst Example Solutions

CloudTrail
- Organization CloudTrail
Config
Firewall Manager
- Organization Firewall Manager
GuardDuty
- Organization GuardDuty
IAM
- Access Analyzer
- Account Password Policy
Macie
- Organization Macie
SecurityHub
- Account SecurityHub Enabler

Extras

Prerequisites for AWS Control Tower solutions
packaging-scripts
- package-lambda.sh (Creates the Lambda zip file and uploads to an S3 bucket)

Repository and Solution Naming Convention

The repository is organized by AWS service solutions, which include deployment platforms (e.g., AWS Control Tower and AWS CloudFormation StackSet).

Example:

.
|-- solutions
    |-- guardduty
        |-- guardduty-org
            |-- aws-control-tower/
                |-- parameters/
                |-- manifest.yaml
           |-- code/src/
               |-- app.py
               |-- requirements.txt
           |-- templates/
               |-- guardduty-org-configuration.yaml
               |-- ...
    |-- ...

The example solutions within this repository can be managed/deployed to accounts using AWS Organizations or directly within individual accounts. The suffix on the solution name identifies how the solution is managed/deployed.

Solution Suffix	Description
acct	The solution is managed/deployed within each account
org	The solution is managed/deployed to accounts via AWS Organizations
ou	The solution is managed/deployed to accounts via Organization Units

Author

Caylent Inc.

Security offerings for AWS Control Tower

Related tags

Overview

Caylent Security Catalyst Reference Architecture Examples

Security Catalyst Example Solutions

Extras

Repository and Solution Naming Convention

Author

Owner

Steven Connolly

A DOM-based G-Suite password sprayer and user enumerator

Complet and easy to run Port Scanner with Python

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Industry ready custom API payload with an easy format for building Python APIs (Django/Django Rest Framework)

A simple Outline Server Access Key Copy and Paste Web Interface

A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)

The Easiest Way To Gallery Hacking

Python program that generates secure passwords.

Receive notifications/alerts on the most recent disclosed CVE's.

Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

A tool combined with the advantages of masscan and nmap

Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

Port scanner tool with easy installation

Yet another web fuzzer

Password database With special stuff

Tools to make working the Arch Linux Security Tracker easier

Valeria stealer- - (4Feb 2022) program detects wifi saved passwords in your ROM

大宝剑-信息收集和资产梳理工具（红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配）

Patching - Interactive Binary Patching for IDA Pro