Cirro: Revealing Cloud Attack Paths

CIRRO

Cirro is an extensible security research platform that enables researchers and penetration testers to collect, analyze, and visualize cloud environments and identity relationships through graph databases.

MAP AND ANALYZE CLOUD RELATIONSHIPS TO UNCOVER SECURITY RISKS

ABOUT CIRRO

Why Cirro?

Cloud graph tools often focus heavily on identity relationships within the management plane, but risk also emerges when those relationships interact with configuration that may lead to data access. Cirro focuses on mapping management plane permissions while enriching them with configuration context and data plane visibility to show how access can be used in practice.

By combining management plane mapping with configuration insights and data plane context, Cirro helps uncover how control over systems can lead to real-world impact, making hidden risks easier to identify and understand.

Uncovering Security Risks

Cirro is a framework for modeling cloud environments as relationship graphs, built to help you find and understand attack paths. It takes identities, resources, and configurations and connects them into a single view so you can see how permissions and settings combine into real, multi-step paths that aren’t obvious from raw data alone.

Cirro fills a gap in cloud security tooling by tying together management access, configuration details, and data exposure, making it easier to see how an attacker could pivot through an environment.

  • Maps identities, resources, and permissions into a graph to reveal hidden attack paths
  • Connects management access with configuration and data exposure to show real impact
  • Helps you understand how a compromise can spread and determine a blast radius on both management and data planes

BISHOP FOX SECURITY RESEARCHER

MEET THE CREATOR


Leron Gray
Senior Security Consultant - Red Team

Leron Gray is a Senior Security Consultant II on Bishop Fox's Red Team. He previously worked at Microsoft on the Azure Red Team and as a Cryptologic Technician (Networks) for the U.S. Navy.

Leron holds a Master's in Cyber Defense from Dakota State University and is a PhD candidate in Cyber Operations. He has a graduate certification in penetration testing and ethical hacking from SANS Technology Institute.

CIRRO RESEARCH

Check out these related resources

Get started with Cirro

Explore attack paths


Explore Cirro and start mapping real attack paths across your Azure environment today.

Watch Workshop

Inside Cirro: Mapping Attack Paths in Azure


This workshop shows how Cirro maps identities and roles into attack paths using graph-based analysis.

Expand your hacking toolkit

More Bishop Fox Tools

Cloudfox

Find exploitable attack paths in cloud infrastructure.

Command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. Currently supports AWS & GCP.

Sliver

Emulate threats and demonstrate the risk of a breach.

Cross-platform general purpose implant framework designed to be an open-source alternative to Cobalt Strike. It supports asymmetrically encrypted C2 over DNS, HTTP, HTTPS, and Mutual TLS, and supports multiplayer mode for collaboration.

IAM Vulnerable

Create your own vulnerable-by-design AWS IAM privilege escalation playground.

IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit vulnerable IAM configurations that allow for privilege escalation.
