kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this by monitoring kernel calls, and denying access as soon as your defined...
CRADLE is an open-source web application designed to empower Cyber Threat Intelligence (CTI) analysts. The platform streamlines threat analysis workflows through collaborative note-taking, visual relationship mapping, and comprehensive report generation. In today’s rapidly evolving...
StackRox Kubernetes Security Platform The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment. StackRox...
RouterOS configuration analyzer to find security misconfigurations and vulnerabilities. Sara does not bypass authentication, exploit vulnerabilities, or alter RouterOS configurations. It works in read-only mode, requiring no administrative privileges. If you are unsure about the interpretation...
Mimicry Mimicry is a security tool developed by Chaitin Technology for active deception in exploitation and post-exploitation. Active deception can live to migrate the attacker to the honeypot without awareness. We can achieve a...
Tarian Protect your applications running on Kubernetes from malicious attacks by pre-registering your trusted processes and trusted file signatures. Tarian will detect unknown processes and changes to the registered files, then it will send...
RPCMon A GUI tool for scanning RPC communication through Event Tracing for Windows (ETW). The tool was published as part of research on RPC communication between the host and a Windows container. Overview RPCMon...
Suzaku is a threat hunting and fast forensics timeline generator for cloud logs. (Imagine Hayabusa but for cloud logs instead of Windows event logs.) It is currently under active development with basic native sigma detection support for AWS...
openedr We at OpenEDR believe in creating a cybersecurity platform with its source code openly available to the public, where products and services can be provisioned and managed together. EDR is our starting point....
STRIDE GPT STRIDE GPT is an AI-powered threat modeling tool that leverages OpenAI’s GPT models to generate threat models and attack trees for a given application based on the STRIDE methodology. Users provide application...
WAF-A-MoLE A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic invariant query that is able...
Baitroute A web honeypot project that serves realistic, vulnerable-looking endpoints to detect vulnerability scans and mislead attackers by providing false positive results. It can be imported as a library into your project and is...
ESXi Testing Toolkit A command-line utility designed to help security teams test detections deployed in ESXi environments. It takes heavy inspiration from Atomic Red Team but provides ESXi-specific enhancements and a simpler user experience....
TamaGo – bare metal Go for ARM SoCs TamaGo is a project that aims to provide compilation and execution of unencumbered Go applications for bare metal ARM System-on-Chip (SoC) components. The projects spawns from...
Hfinger – fingerprinting HTTP requests Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage 🙂 Its main objective is to provide a representation of malware requests...
Hunt-Sleeping-Beacons This project is ( mostly ) a callstack scanner which tries to identify IOCs indicating an unpacked or injected C2 agent. All checks are based on the observation that C2 agents wait between...