Attempting to Keep a Fertile Security Mind

Tracking Security Projects, Tools, and Books in an attempt to help grow and maintain a well balanced security focused mind.

This site is a collection of security projects, tools, and books that I find intriguing. As I find time to delve into these different security projects, tools, and books, I will write about it here. Some of my notes collected are incomplete...I apologize and will complete them as quickly as I can. I suffer from wanting to learn/read about almost everything security related but lack enough time. A lot of what is posted here is a placeholder for myself. My hope is that some of what I share can help others as they work on building a fertile security mind.

Tools List

Project Name Description Website
Assemblyline Assemblyline is a malware detection and analysis tool developed by the CSE and released to the cybersecurity community in October 2017. Assemblyline
Moloch Moloch augments your current security infrastructure by storing and indexing network traffic in standard PCAP format, while also providing fast indexed access. Moloch is not meant to replace Intrusion Detection Systems (IDS), instead it provides more visibility. Moloch is built with an intuitive UI/UX which reduces the analysis time of suspected incidents. Moloch
cve-search cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. cve-search
critical stack Free threat intelligence aggregated, parsed and delivered by Critical Stack, Inc for the Bro network security monitoring platform. Critical Stack Intel
Cloud Inquisitor Cloud Inquisitor improves the security posture of an AWS footprint through, monitoring AWS objects for ownership attribution, notifying account owners of unowned objects, and subsequently removing unowned AWS objects if ownership is not resolved, detecting domain hijacking, verifying security services such as Cloudtrail and VPC Flowlogs, and managing IAM policies across multiple accounts. Cloud Inquisitor
CALDERA CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within enterprise networks. 🎯 ThreatHunter-Playbook 🎯 Atomic Red Team 🎯 Metta 🎯 unfetter CALDERA
Faraday Sec An Integrated Multiuser Pentest Environment that maps and leverages all the knowledge you generate in real time. Faraday
SELKS SELKS is both Live and installable Network Security Management ISO based on Debian implementing and focusing on a complete and ready to use Suricata IDS/IPS ecosystem with its own graphic rule manager. SELKS
Pause-Process PowerShell script which allows pausing\unpausing Win32/64 exes Pause-Process
Xplico Xplico is a network forensics analysis tool, which is a software that reconstructs the contents of acquisitions performed with a packet sniffer. Xplico
passivedns A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics. passivedns
OZYMANDNS A tool that allows you to tunnel over DNS OZYMANDNS
DNScapy DNScapy is a DNS tunneling tool. The code is very light and written in Python. It includes a server and a client. The server can handle multiple clients. DNScapy
iodine iodine lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed. iodine
Cobalt Strike Cobalt Strike is software for Adversary Simulations and Red Team Operations. Cobalt Strike
pyshark Python wrapper for tshark, allowing python packet parsing using wireshark dissectors. pyshark
BetterCAP BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more. BetterCAP
dsniff Dsniff is a set of password sniffing and network traffic analysis tools written by security researcher and startup founder Dug Song to parse different application protocols and extract relevant information. dsnif
Yersinia Yersinia is a network tool designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Yersinia
PingExfil2.ps1 Exfiltrate data over ICMP PingExfil2.ps1
Canarytokens Imagine doing that, but for file reads, database queries, process executions, patterns in log files, Bitcoin transactions or even Linkedin Profile views. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots. Canarytokens
Security Monkey Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Netflix Security Monkey
DNS-Hunting Use DNS to hunt for threats including DGAs DNS-Hunting
Santa Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronizing the database with a server. Santa
Invoke-Obfuscation Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator. Invoke-Obfuscation
ja3 JA3 is a method for creating SSL/TLS client fingerprints that are easy to produce and can be easily shared for threat intelligence. ja3
Project Spacecrab Bootstraps an AWS account with everything you need to generate, mangage, and distribute and alert on AWS honey tokens. Made with breakfast roti by the Atlassian security team. Spacecrab
GAUNTLT Gauntlt provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate to build rugged software. It is built to facilitate testing and communication between groups and create actionable tests that can be hooked into your deploy and testing processes. Gauntlt

Exploit Tools

Exploit Name Description Website
iMessagesBackdoor A script to help set up an event handler in order to install a persistent backdoor that can be activated by sending a message. iMessagesBackdoor
EvilOSX A pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX. EvilOSX
mimikatz It's now well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. mimikatz

Tool "Suites" or Distros

Exploit Name Description Website
Black Hat Arsenal Tools This github account maps to the Black Hat Arsenal tools since its inception in 2011. For readibility, the tools are classified by category and not by session. Black Hat Arsenal Tools
Didier Stevens Tools This list is a work in progress (i.e. it will never be completely up-to-date). It will list all my published software with cross-referenced blogposts. Didier Stevens Blog
Talos Software Talos comprises of leading-edge cyber threat intelligence team providing various network security solutions. They produce several security tools which include Snort, ClamAV, Razorback, and more. Talos Software
Parrot Professional tools for security testing, software development and privacy defense, all in one place. Parrot

Book List

Book Title Author Purchased Digital or Physical
Real-World Bug Hunting Peter Yaworski No -
The Practice of Network Security Monitoring Richard Bejtlich Yes Both
Coding iPhone Apps for Kids Winquest & McCarthy Yes Both
https://www.nostarch.com/blackhatpython Justin Seitz Yes Digital
iOS Application Security David Thiel Yes Digital
Metasploit David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni Yes Both
Practical Packet Analysis Chris Sanders Yes Both
Silence on the Wire Michal Zalewski Yes Digital
Car Hacker's Handbook Craig Smith Yes Digital

Personal Projects

Project Name Project Description Website
OSX Strata OS X Strata builds upon Yelps OSXCollector, providing a user interface to analyze data collected from a potentially compromised system. https://github.com/wfsec/osxstrata

Resources

Resource Name Description Website
Awesome Threat Detection and Hunting - 0x4D31 A curated list of awesome threat detection and hunting resources. Awesome Threat Detection and Hunting
AuditScripts The Critical Security Controls focuses first on prioritizing security functions that are effective against the latest Advanced Targeted Threats, with a strong emphasis on “What Works” – security controls where products, processes, architectures and services are in use that have demonstrated real world effectiveness. Critical Security Controls