Assemblyline is a malware detection and analysis tool developed by the CSE and released to the cybersecurity community in October 2017.
Moloch augments your current security infrastructure by storing and indexing network traffic in standard PCAP format, while also providing fast indexed access. Moloch is not meant to replace Intrusion Detection Systems (IDS); instead it provides more visibility. Moloch is built with an intuitive UI/UX which reduces the analysis time of suspected incidents.
cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) data into a MongoDB to facilitate search and processing of CVEs.
Free threat intelligence aggregated, parsed and delivered by Critical Stack, Inc for the Bro network security monitoring platform.
Critical Stack Intel
Cloud Inquisitor improves the security posture of an AWS footprint by monitoring AWS objects for ownership attribution, notifying account owners of unowned objects and subsequently removing unowned AWS objects if ownership is not resolved, detecting domain hijacking, verifying security services such as CloudTrail and VPC Flow Logs, and managing IAM policies across multiple accounts.
CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within enterprise networks. Related: ThreatHunter-Playbook, Atomic Red Team, Metta, unfetter.
An Integrated Multiuser Pentest Environment that maps and leverages all the knowledge you generate in real time.
SELKS is a live and installable Network Security Management ISO based on Debian, implementing and focusing on a complete, ready-to-use Suricata IDS/IPS ecosystem with its own graphical rule manager.
PowerShell script which allows pausing/unpausing Win32/64 executables.
Xplico is a network forensics analysis tool: software that reconstructs the contents of acquisitions performed with a packet sniffer.
A tool to collect DNS records passively to aid incident handling, Network Security Monitoring (NSM) and general digital forensics.
A tool that allows you to tunnel over DNS.
DNScapy is a DNS tunneling tool. The code is very light and written in Python. It includes a server and a client. The server can handle multiple clients.
iodine lets you tunnel IPv4 data through a DNS server. This can be useful in situations where internet access is firewalled but DNS queries are allowed.
Cobalt Strike is software for Adversary Simulations and Red Team Operations.
Python wrapper for tshark, allowing Python packet parsing using Wireshark dissectors.
BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in real time, sniff for credentials and much more.
Dsniff is a set of password sniffing and network traffic analysis tools written by security researcher and startup founder Dug Song to parse different application protocols and extract relevant information.
Yersinia is a network tool designed to take advantage of some weaknesses in different network protocols. It aims to be a solid framework for analyzing and testing the deployed networks and systems.
Exfiltrate data over ICMP.
Imagine doing that, but for file reads, database queries, process executions, patterns in log files, Bitcoin transactions or even LinkedIn profile views. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.
Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations.
Netflix Security Monkey
Use DNS to hunt for threats, including DGAs.
Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision, and a command-line utility for managing the system and synchronizing the database with a server.
Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator.
JA3 is a method for creating SSL/TLS client fingerprints that are easy to produce and can be easily shared for threat intelligence.
Bootstraps an AWS account with everything you need to generate, manage, distribute and alert on AWS honey tokens. Made with breakfast roti by the Atlassian security team.
Gauntlt provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate on building rugged software. It is built to facilitate testing and communication between groups and to create actionable tests that can be hooked into your deploy and testing processes.