AirIAM AirIAM is an AWS IAM to least privilege the Terraform execution framework. It compiles AWS IAM usage and leverages that data to create a least-privilege IAM Terraform that replaces the exiting IAM management...
DeepBlueCLI DeepBlueCLI – a PowerShell Module for Threat Hunting via Windows Event Logs. Windows Event Logs processed Windows Security Windows System Windows Application Windows PowerShell Sysmon Command Line Logs processed See Logging setup section below for...
Cloud Security Operations What is Cloud Sniper? Cloud Sniper is a platform designed to manage Cloud Security Operations. It is a platform intended to respond to security incidents by accurately analyzing and correlating native...
MSTIC Jupyter and Python Security Tools Microsoft Threat Intelligence Python Security Tools. The msticpy package was initially developed to support Jupyter Notebooks authoring for Azure Sentinel. Many of the included tools can be used in other security scenarios for...
BSF – Botnet Simulation Framework BSF provides a discrete simulation environment to implement and extend peer-to-peer botnets, tweak their settings, and allow defenders to evaluate monitoring and countermeasures. Synopsis In the arms race between...
ATTPwn ATTPwn is a computer security tool designed to emulate adversaries. The tool aims to bring emulation of a real threat into closer contact with implementations based on the techniques and tactics from the...
The Auditor app uses hardware-based security features to validate the identity of a device along with the authenticity and integrity of the operating system. It will verify that the device is running the stock operating...
Get-RBCD-Threaded A tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments. How it works Get-RBCD-Thread will query all Active Directory users, groups (minus privileged groups like “Domain Admins” and “BUILTIN\Administrators”), and...
Chain Reactor Chain Reactor is an open-source framework for composing executables that can simulate adversary behaviors and techniques on Linux endpoints. Executables can perform sequences of actions like process creation, network connections and more, through...
Incident Response Generator This application simulates an attack on AWS infrastructure. It was built for the Securosis/Cloud Security Alliance Advanced Cloud Security Practitioner training class. This code is designed to be run inside an...
opensquat openSquat is an opensource Intelligence (OSINT) R&D project to identify cybersquatting threats to specific companies or domains, such as: Domain squatting Typosquatting IDN homograph attacks Phishing Scams It does support some key features such as:...
PlumHound – BloodHoundAD Report Engine for Security Teams Released as Proof of Concept for Blue and Purple teams to more effectively use BloodHoundAD in continual security life-cycles by utilizing the BloodHoundAD pathfinding engine to...
What is sandfly-filescan? sandfly-filescan is a utility to quickly scan files and report on their entropy (a measure of randomness) and if they are a Linux/Unix ELF type executable. Some malware for Linux is packed...
jeopardize Jeopardize tool is developed to provide basic threat intelligence&response capabilities against phishing domains at the minimum cost as possible. It detects registered phishing domain candidates (typosquatting, phonograph, etc.), analyzes them, and assigns a...
Kick-start your kubernetes cluster with the Stakater Platform. A consolidated solution for logging, tracing, monitoring, delivery, security and much more. It gives you a head start for managing your kubernetes cluster by providing open-source...
Secure Your Connection
