Endpoint Security

House: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

A comprehensive utility that shows what programs are configured to run during system bootup or login, and when you start various built-in Windows applications.

An endpoint monitoring tool for Linux and macOS that reports file, socket, and process events to Zeek.

Endpoint security platform using Moving Target Defense to prevent cyber attacks and provide adaptive exposure management and threat prevention.

ARM TrustZone provides a secure execution environment for applications on ARM processors.

An Android-based self-defense application against forensic imaging tools like Cellebrite UFED.

shellfirm will prompt challenges to verify risky shell commands, acting as a captcha for your terminal.

A cross-platform software library for interacting with iOS devices without jailbreaking.

Enhances Windows OS security through system modifications and settings adjustments.

A behavior-based malware detection system for Android platforms that uses crowdsourcing to detect anomalies and malware in applications.

Doorman is an osquery fleet manager that allows administrators to remotely manage the osquery configurations retrieved by nodes.

A script that validates Group Policy Object audit settings required for proper Microsoft Defender for Endpoint functionality.

A tool to locally check for signs of a rootkit with various checks and tests.

YARA-Endpoint is a client-server architecture tool that can be used for endpoint protection and incident response.

A security checklist app for your Mac that helps you with basic security hygiene and prevents 80% of problems.

Do Not Disturb is a free open-source macOS security tool that detects unauthorized physical access to laptops.

ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.

ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.

Firejail is a Linux sandbox program that isolates untrusted applications using kernel namespaces, seccomp-bpf, and capabilities to reduce security breach risks.

A collection of utilities for working with USB devices on Linux

Enhance your Android experience with the AMAaaS Agent APK for better performance and improved user experience.

A repository containing scripts and configuration files to help administrators implement Microsoft AppLocker for application whitelisting based on NSA security guidelines.

DocBleach is a Content Disarm and Reconstruction software that sanitizes Office documents by removing potentially malicious dynamic content to prevent security threats.

Fleet is an open-source endpoint management platform that provides device management, vulnerability reporting, and security monitoring capabilities for IT and security teams managing large computer environments.