spacecrab: open source AWS toolset
SPACECRAB
Bootstraps an AWS account with everything you need to generate, manage, and distribute and alert on AWS honeytokens. Made with breakfast roti by the Atlassian security team.
AWS access keys are always a target for attackers and there’s no way for them to determine a key is a honeytoken up front. The attacker attempt to use it on the Internet access, fully logged, AWS API.
It’s trivial to create one access key and use it as a honey token but it quickly became impossible to create hundreds or thousands and automatically expire them, report on them, and alert on them. The goodies in this repo make all of that easy and secure.
SPACECRAB’s three main components are:
- A datastore for keeping records about honey tokens you’ve deployed (when they were produced, where they’ve been deployed, who owns them, etc.)
- Some lambda functions for creating and managing honey tokens
- An extensible alerting pipeline you can configure to set off alarms when one of your tokens is used
How does PROJECT SPACECRAB actually work?
Download && Tutorial
Copyright @ 2017 Atlassian and others.