Browsing category
ByteDance-HIDS is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture. ByteDance-HIDS comprises three major components: ByteDance-HIDS Agent, co-worked with ByteDance-HIDS Driver, is the game-changer for the Data Collection market. It works at both Kernel and User Space of Linux System, providing rich data flow […]
Swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features. Usage Help $ ./webserver -help web subcommand -bind string Bind Port (default “8080”) -certificate string HTTPS certificate : openssl req -new -x509 -sha256 -key server.key -out server.crt -days 365 -gzip Enables gzip/zlib compression (default true) -help Print usage […]
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. It is a complete operating system designed to be used from a […]
Set of tools for security testing of Internet of Things devices using protocols like: CoAP, DTLS, HTCPCP, mDNS, MQTT, SSDP. Installation: Simply clone code from git: https://github.com/Samsung/cotopaxi Requirements: Currently Cotopaxi works only with Python 2.7.x, but future versions will work also with Python 3. If you have previous installation of scapy without scapy-ssl_tls, please remove it or […]
These files contain configuration for producing EDR (endpoint detection and response) data in addition to standard system logs. These configurations enable the production of these data streams using F/OSS (free and / or open source tooling.) The F/OSS tools consist of Auditd for Linux; Sysmon for Windows and Xnumon for the Mac. Also included […]
DumpsterFire Toolset – “Security Incidents In A Box!” The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn […]
ArmourBird CSF – Container Security Framework is an extensible, modular, API-first framework build for regular security monitoring of docker installations and containers against CIS and other custom security checks. ArmourBird CSF has a client-server architecture and is thus divided into two components: a) CSF Client This component is responsible for monitoring the docker installations, […]
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of […]
The risk level regarding Active Directory security has changed. Several vulnerabilities have been made popular with tools like mimikatz or sites likes adsecurity.org. Ping Castle is a tool designed to assess quickly the Active Directory security level with a methodology based on risk assessment and a maturity framework. It does not aim at a […]
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditing tool. Used by system administrators, security […]
This software project is a result of a Bachelor’s thesis created at SCHUTZWERK in collaboration with Aalen University by Philipp Schmied.Please refer to the corresponding blog post for more information. Why another CAN tool? Built from scratch with new ideas for analysis mechanisms Bundles features of many other tools in one place Modular and extensible: […]
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. The tests are all automated, and are inspired by the CIS Docker Community Edition Benchmark v1.1.0. We are releasing this as a follow-up to our Understanding Docker Security and Best Practices blog post. We […]
Microsoft signed DLL for the ActiveDirectory PowerShell module Just a backup for the Microsoft’s ActiveDirectory PowerShell module from Server 2016 with RSAT and module installed. The DLL is usually found at this path: C:WindowsMicrosoft.NETassemblyGAC_64Microsoft.ActiveDirectory.Management and the rest of the module files at this path: C:WindowsSystem32WindowsPowerShellv1.0ModulesActiveDirectory Usage You can copy this DLL to your machine and […]
Nubia is a lightweight framework for building command-line applications with Python. It was originally designed for the “logdevice interactive shell (aka. ldshell)” at Facebook. Since then it was factored out to be a reusable component and several internal Facebook projects now rely on it as a quick and easy way to get an intuitive shell/cli […]
Telebix is an application that communicates with a Bot on the Telegram to receive commands and send information from an infrastructure monitored by Zabbix, which also sends messages in real time if any problems occur in the infrastructure, it is totally written in Python with Shell Script and has a graphical interface to help the […]
PatrOwl is a scalable, free and open-source solution for orchestrating Security Operations. PatrowlManager is the Front-end application for managing the assets, reviewing risks on real-time, orchestrating the operations (scans, searches, API calls, …), aggregating the results, relaying alerts on third parties (ex: Incident Response platform like TheHive, Splunk, …) and providing the reports and dashboards. […]
Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect at a high level of accuracy ad fraud and other types of invalid traffic such as web scraping. For a high level overview you might want to check out the website If you have any questions or need […]
A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Installation Download and install the latest version of Fiddlerhttps://www.telerik.com/fiddler Special instructions for Linux and Mac here:https://www.telerik.com/blogs/fiddler-for-linux-beta-is-herehttps://www.telerik.com/blogs/introducing-fiddler-for-os-x-beta-1 Enable C# scripting (Windows only) Launch Fiddler, and go to Tools -> Options In the Scripting tab, change the default (JScript.NET) […]
Investigate malicious logon by visualizing and analyzing Windows active directory event logs. Concept LogonTracer associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occurs and which host is used. This tool […]
GlobaLeaks is open-source / free software intended to enable secure and anonymous whistleblowing initiatives developed by the Hermes Center for Transparency and Digital Human Rights. For the user manual refer to the GlobaLeaks’s User Manual. For the developer documentation refer to the GlobaLeaks’s Developer Documentation. Features Configurable submission contexts and questionnaires Single and multiple recipients […]
Automate SSH communication with firewalls, switches, etc. Description These scripts are designed to automate sending commands to a Cisco ASA firewall. The intended purpose here is to eliminate the need to manually log in to a firewall to make changes. This code can be run directly via command line or it can be incorporated into […]