Security Operations

InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.

A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.

Largest open collection of Android malware samples, with 298 samples and contributions welcome.

CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.

SMTP honeypot tool with configurable response messages, email storage, and automatic information extraction.

Datadog offers a comprehensive suite of cybersecurity tools for various aspects of application and infrastructure monitoring.

Beelzebub is an advanced honeypot framework for detecting and analyzing cyber attacks, with integration options for OpenAI GPT-3 and deployment on Kubernetes using Helm.

A collection of tools to debug and inspect Kubernetes resources and applications, managing eBPF programs execution and mapping kernel primitives to Kubernetes resources.

A powerful tool for detecting and identifying malware using a rule-based system.

A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.

Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.

A honeypot designed to detect and analyze malicious activities in instant messaging platforms.

Automate security incident handling and facilitate real-time activities of incident handlers.

Sysreptor offers a customizable reporting solution for penetration testing and red teaming.

SentinelOne's Singularity Platform is an AI-powered enterprise security platform providing autonomous endpoint, cloud, identity, and data protection through its integrated XDR solution.

An open source repository of plugins for Rapid7 InsightConnect that enables security orchestration and automation through integrations with various security tools and services.

A tool for identifying and analyzing Java serialized objects in network traffic

Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.

Turbinia is an open-source framework for automating the running of common forensic processing tools to help with processing evidence in the Cloud.

Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.

Logdissect is a CLI utility and Python library for analyzing log files and other data.

Python script to parse the NTFS USN Change Journal.

A tool that generates Yara rules from training data using logistic regression and random forest classifiers.

A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.