Deploy a SOC using Kali Linux in AWS

Kali SOC in AWS is a Terraform project that deploys a Security Operations Center (SOC) lab in AWS built around the Kali Linux toolset for purple team work. The environment is meant for practising security operations, threat detection and incident response, and for running training scenarios. It is inspired by the original CloudFormation-based deployment by ZoccoCss.


About the Kali SOC project

“I created this project to address the need for accessible and customizable detection and threat hunting labs. People often ask me for advice on building labs, and I wanted to provide a solution that anyone can easily set up, regardless of their technical expertise. The goal was to empower users with a fully customizable lab environment while keeping the setup simple enough for beginners. I also use it to perform threat hunts and analyze current Indicators of Compromise (IOCs), making it a practical tool for real-world applications,” Tayvion Payton, the creator of Kali SOC in AWS, told Help Net Security.

This Terraform implementation provides:

  • Modular infrastructure code, organised so individual pieces can be reused and the lab scaled out with additional components.
  • The same components as the CloudFormation stack, for users who prefer Terraform as their IaC tool.
  • Automated creation of the VPC, subnets, routing, security groups, network interfaces and EC2 instances.
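The building blocks listed above, written out as a minimal Terraform configuration. This is an added example for illustration, not code from the Kali SOC in AWS repository, and it does not reproduce the project's module layout. The resource names, CIDR ranges, region, the `kali-soc-key` key pair and the `admin_cidr` and `kali_ami_id` variables are all assumptions; you supply the Kali AMI ID for your region yourself. The point it adds is the check a practitioner wants before standing up an attack box in a public subnet: inbound access restricted to the operator's own /32, IMDSv2 enforced, and the root volume encrypted.

```hcl
# Added example (not the project's own code). All names, CIDRs, the region,
# the key pair and both variables below are assumptions for illustration.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
}

provider "aws" {
  region = "us-east-1" # assumption
}

# Operator's public address as a /32. The validation rejects anything wider,
# so the lab cannot be applied with SSH or the dashboards open to the Internet.
variable "admin_cidr" {
  description = "Your public IP as a /32 CIDR"
  type        = string
  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && endswith(var.admin_cidr, "/32")
    error_message = "admin_cidr must be a single host (/32), not a wide range."
  }
}

# Assumption: the Kali Purple AMI ID you looked up in your region.
variable "kali_ami_id" {
  type = string
}

resource "aws_vpc" "soc" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_hostnames = true
  tags                 = { Name = "kali-soc" }
}

resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.soc.id
  cidr_block              = "10.10.1.0/24"
  map_public_ip_on_launch = false # address is attached deliberately via an EIP below
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.soc.id
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.soc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Inbound only from the operator; the Kali box must never be reachable
# from the whole Internet.
resource "aws_security_group" "kali" {
  name   = "kali-soc-admin"
  vpc_id = aws_vpc.soc.id

  ingress {
    description = "SSH from admin only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  ingress {
    description = "HTTPS dashboards from admin only"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_network_interface" "kali" {
  subnet_id       = aws_subnet.public.id
  security_groups = [aws_security_group.kali.id]
}

resource "aws_instance" "kali" {
  ami           = var.kali_ami_id
  instance_type = "t3.large"
  key_name      = "kali-soc-key" # assumption: an existing EC2 key pair

  network_interface {
    network_interface_id = aws_network_interface.kali.id
    device_index         = 0
  }

  # IMDSv2 only: a compromised tool on the box cannot pull instance
  # credentials with a plain GET to the metadata service.
  metadata_options {
    http_tokens = "required"
  }

  root_block_device {
    encrypted = true
  }

  tags = { Name = "kali-purple" }
}

resource "aws_eip" "kali" {
  domain            = "vpc"
  network_interface = aws_network_interface.kali.id
}

output "kali_public_ip" {
  value = aws_eip.kali.public_ip
}
```

Run it with `terraform init && terraform apply -var admin_cidr=203.0.113.5/32 -var kali_ami_id=ami-...`, substituting your own address and AMI; `endswith` needs Terraform 1.3 or later. Widening `admin_cidr` later is a deliberate edit to the variable, not a default you can forget.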

“This lab stands out for its balance of simplicity and flexibility. By leveraging Terraform for deployment, it allows users to create a complete SOC environment with minimal effort while offering the freedom to tailor the setup to their specific needs. The inclusion of Kali Purple enhances its uniqueness, as it provides both offensive and defensive security tools in one environment. Furthermore, the project is designed to give users complete control over their lab, making it adaptable for learning, experimentation, or operational use,” Payton explained.

Future plans and download

“I plan to expand the project to support deployments across multiple cloud environments, starting with Google Cloud Platform (GCP). This will give users greater flexibility to choose the cloud provider that best suits their needs and infrastructure,” Payton concluded.

Kali SOC in AWS is available for free download on GitHub.
