Think, Talk, Hack

Browsing category

Threat Intelligence

PatrOwl – Smart and Scalable Security Operations Orchestration Platform

PatrOwl is an advanced platform for orchestrating Security Operations like Penetration testing, Vulnerability Assessment, Code review, Compliance checks, Cyber-Threat Intelligence / Hunting and SOC & DFIR Operations. PatrowlManager is the Front-end application for managing the assets, reviewing risks on real-time, orchestrating the operations (scans, searches, API calls, …), aggregating the results, relaying alerts on third […]

root

AIL framework – Framework for Analysis of Information Leaks

AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine or process sensitive information (e.g. data leak prevention). Features Modular architecture to handle streams of unstructured […]

root

BLUESPAWN – Windows Defense Tool to Empower Blue Teams

BLUESPAWN helps blue teams monitor Windows systems in real-time against active attackers by detecting anomalous activity Why we made BLUESPAWN We’ve created and open-sourced this for a number of reasons which include the following: Move Faster: We wanted tooling specifically designed to quickly identify malicious activity on a system Know our Coverage: We wanted to […]

root

HELK – The Hunting ELK

The Hunting ELK or simply the HELK is one of the first open source hunt platforms with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack. This project was developed primarily for research, but due to its flexible design […]

root

OpenCTI – Open Cyber Threat Intelligence Platform

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats. The structuration of the data is performed using a knowledge schema based on the STIX2 standards. It has been […]

root

ATIS – Automated Threat Intelligent System integrated with McAfee Advanced Threat Defense and Malware Information Sharing Platform.

An improvised automated threat intelligent system with advanced vulnerability scanners and Opensource Intelligence Information gathering python scripts when integrated with McAfee Advanced Threat Defense and Malware Information Sharing Platform can defend against new and futuristic cyber attacks. ATD-MISP with OpenDXL This integration is focusing on the automated threat intelligence collection with McAfee ATD, OpenDXL and […]

root

Shadow-Box: Lightweight and Practical Kernel Protector for x86

Shadow-box is a security monitoring framework for operating systems using state-of-the-art virtualization technologies. Shadow-box has a novel architecture inspired by a shadow play. We made Shadow-box from scratch, and it is primarily composed of a lightweight hypervisor and a security monitor. The lightweight hypervisor, Light-box, efficiently isolates an OS inside a guest machine and projects […]

root

Cyber Threat Intelligence Tools List For Hackers and Security Professionals

Threat Intelligence Tools are more often used by security industries to test the vulnerabilities in network and applications. It helps for the collection and analysis of information about current and potential attacks that threaten the safety of an organization or its assets. Here you can find the Comprehensive Threat Intelligence Tools list that covers Performing […]

root

stoQ – Open Source Framework for Enterprise level Automated Analysis

stoQ is an automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It allows analysts and DevSecOps team the ability to quickly transition from different data sources, databases, decoders/encoders, and numerous other tasks. It was designed to be enterprise-ready and scalable, while also being lean enough […]

root

Election Buster – Defending Elections from Foreign Adversaries

Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee (DNC) IT services company, and foreign adversaries probed voter registration systems. The tool now cross-checks domain information against open […]

root

Detect Evil Maid Attacks: Do Not Disturb

Physical access (or “evil maid”) attacks are some of the most insidious threats faced by those of us who travel with our Macs. Do Not Disturb (DND) is a free, open-source utility that aims to detect and alert you of such attacks! One of the best ways to compromise a computer is with physical access. […]

root

ElasticIntel – Serverless, Low Cost, Threat Intel Aggregation

ElasticIntel is serverless, low cost, threat intel aggregation for enterprise or personal use, backed by ElasticSearch. It is an alternative to expensive threat intel aggregation platforms which ingest the same data feeds you could get for free. ElasticIntel is designed to provide a central, scalable and easily queryable repository for threat intelligence of all types. […]

root

CyBot – Open Source Threat Intelligence Chat Bot

Threat intelligence chat bots are useful friends. They perform research for you and can even be note takers or central aggregators of information. However, it seems like most organizations want to design their own bot in isolation and keep it internal. To counter this trend, our goal was to create a repeatable process using a […]

root