Suzaku is a threat hunting and fast forensics timeline generator for cloud logs. (Imagine Hayabusa but for cloud logs instead of Windows event logs.) It is currently under active development with basic native sigma detection support for AWS...
openedr We at OpenEDR believe in creating a cybersecurity platform with its source code openly available to the public, where products and services can be provisioned and managed together. EDR is our starting point....
STRIDE GPT STRIDE GPT is an AI-powered threat modeling tool that leverages OpenAI’s GPT models to generate threat models and attack trees for a given application based on the STRIDE methodology. Users provide application...
WAF-A-MoLE A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic invariant query that is able...
Baitroute A web honeypot project that serves realistic, vulnerable-looking endpoints to detect vulnerability scans and mislead attackers by providing false positive results. It can be imported as a library into your project and is...
ESXi Testing Toolkit A command-line utility designed to help security teams test detections deployed in ESXi environments. It takes heavy inspiration from Atomic Red Team but provides ESXi-specific enhancements and a simpler user experience....
TamaGo – bare metal Go for ARM SoCs TamaGo is a project that aims to provide compilation and execution of unencumbered Go applications for bare metal ARM System-on-Chip (SoC) components. The projects spawns from...
Hfinger – fingerprinting HTTP requests Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage 🙂 Its main objective is to provide a representation of malware requests...
Hunt-Sleeping-Beacons This project is ( mostly ) a callstack scanner which tries to identify IOCs indicating an unpacked or injected C2 agent. All checks are based on the observation that C2 agents wait between...
AWS Threat Detection with Stratus Red Team This repository is a documentation of my adventures with Stratus Red Team – a tool for adversary emulation for the cloud. Stratus Red Team is “Atomic Red Team for the...
RogueSliver A suite of tools to disrupt campaigns using the Sliver C2 framework. This tool, its uses, and how it was created will be covered in depth on ACEResponder.com This tool is for educational purposes...
eBPFShield Welcome to eBPFShield, a powerful and intuitive security tool for monitoring and protecting your servers. Featuring both IP-Intelligence and DNS monitoring capabilities, eBPFShield utilizes the power of ebpf and python to provide real-time monitoring and actionable insights...
AntiSquat AntiSquat leverages AI techniques such as natural language processing (NLP), large language models (ChatGPT) and more to empower detection of typosquatting and phishing domains. What sets AntiSquat apart Large Language Model / ChatGPT...
SSH3: faster and rich secure shell using HTTP/3 SSH3 is a complete revisit of the SSH protocol, mapping its semantics on top of the HTTP mechanisms. In a nutshell, SSH3 uses QUIC+TLS1.3 for secure channel establishment...
IMDShift AWS workloads that rely on the metadata endpoint are vulnerable to Server-Side Request Forgery (SSRF) attacks. IMDShift automates the migration process of all workloads to IMDSv2 with extensive capabilities, which implements enhanced security...
ebpfmon ebpfmon is a tool for monitoring eBPF programs. It is designed to be used with bpftool from the Linux kernel. ebpfmon is a TUI (terminal UI) application written in Go that allows you to do real-time...