FalconHound: A blue team multi-tool
FalconHound FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with an SIEM...
Category: Network Defense
pcap-did-what: Analyze pcaps with Zeek and a Grafana Dashboard
Zeek & Grafana Integration for Network Monitoring This repository provides a quick way to get started using Zeek with a practical use case. The focus is to analyse a network pcap and enable easy...
Attack Flow: Illuminating the Anatomy of Cyber Threats
Attack Flow The Attack Flow project helps defenders move from tracking individual adversary behaviors to tracking the sequences of behaviors that adversaries employ to move towards their goals. By looking at combinations of behaviors,...
Maltrail: Malicious traffic detection system
Maltrail Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where the trail...
CrowdSec: Real-time & crowdsourced protection against aggressive IPs
Crowdsec CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban’s philosophy but is IPV6 compatible and 60x faster (Go vs Python), it...
OpenCTI: Open Cyber Threat Intelligence Platform
OpenCTI OpenCTI is an open-source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created to structure, store, organize, and visualize technical and non-technical information about cyber threats....
prometheus: monitoring system and time series database
Prometheus Prometheus, a Cloud Native Computing Foundation project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some...
kunai: Threat hunting tool for Linux
kunai The goal behind this project is to bring relevant events to achieve various monitoring tasks ranging from security monitoring to Threat Hunting on Linux-based systems. If you are familiar with Sysmon on Windows,...
Windows 10/11 Hardening Script: enhances the security of Windows operating
Windows 10/11 Hardening Script This script enhances the security of Windows operating systems by making various system modifications. It includes adjusting settings, policies, and features to reduce vulnerabilities and protect against various cyber threats....
CloudGrappler: A powerful open-source threat detection tool for cloud evironments
CloudGrappler CloudGrappler is a purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure. Key Features Threat Actor Querying...
KubeHound: Create a graph of attack paths in a Kubernetes cluster
KubeHound KubeHound creates a graph of attack paths in a Kubernetes cluster, allowing you to identify direct and multi-hop routes an attacker can take, visually or through complex graph queries. KubeHound can identify more...
dahn: Deceptively Adaptive Honey Net
dahn – Deceptively Adaptive Honey Net Traditional honey nets offer static infrastructure and static responses. In DAHN, the infrastructure is abstracted, with lambda/gpt API (prompts stipulated) returning seemingly native responses to the threat actor,...
Concealment Layer: Reverse Proxy for Concealing and Deceiving Website Information
Concealment Layer – Reverse Proxy for Concealing and Deceiving Website Information CLay offers a unique and powerful feature that goes beyond traditional security measures. CLay takes deception to a new level by mimicking the...
