The Auditor app uses hardware-based security features to validate the identity of a device, along with the authenticity and integrity of the operating system. It ensures the device is running a verified operating system with a...
UAC (Unix-like Artifacts Collector) UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD,...
NamedPipeMaster NamedPipeMaster is a versatile tool for analyzing and monitoring in named pipes. It includes Ring3NamedPipeConsumer for direct server interaction, Ring3NamedPipeMonitor for DLL-based API hooking and data collection, and Ring0NamedPipeFilter for comprehensive system-wide monitoring....
CHIPSEC CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low-level interfaces, and forensic...
python-oletools oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format, or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for...
IRIS – Incident Response Investigation System IRIS is a web collaborative platform for incident response analysts allowing them to share investigations at a technical level. It’s a web application, so it can be either...
OXO Scan Orchestration Engine OXO is a security scanning framework built for modularity, scalability, and simplicity. OXO Engine combines specialized tools to work cohesively to find vulnerabilities and perform actions like recon, enumeration, fingerprinting,...
nullinux nullinux is an internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions. Unlike many of the enumeration tools...
SEMA – ToolChain using Symbolic Execution for Malware Analysis SEMA is based on angr, a symbolic execution engine used to extract API calls. Especially, we extend ANGR with strategies to create representative signatures based...
DNS Diagnostics and Performance Measurement Tools Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is...
osctrl osctrl is a fast and efficient osquery management solution, implementing its remote API as a TLS endpoint. With osctrl, you can monitor all your systems running osquery, distribute its configuration fast, collect all the status and result logs,...
NetAlertX – Network scanner & notification framework Get visibility of what’s going on on your WIFI/LAN network. Schedule scans for devices, port changes and get alerts if unknown devices or changes are found. Write...
BotKube BotKube integration with Slack, Mattermost, or Microsoft Teams helps you monitor your Kubernetes cluster, debug critical deployments, and gives recommendations for standard practices by running checks on the Kubernetes resources. You can also ask BotKube to execute...
chainsaw – Rapidly Search and Hunt through Windows Event Logs Chainsaw provides a powerful “first-response” capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through...
Tempest Tempest is a command and control framework written in 100% Rust. TEMPEST COMPONENTS: anvil – server 2 servers with APIs. All APIs are authenticated and unauth-discovery resistent. sqlite local database internal functions (building imps,...
The Bastion Bastions are a cluster of machines used as the unique entry point by operational teams (such as sysadmins, developers, database admins, …) to securely connect to devices (servers, virtual machines, cloud instances,...
