Security Operations

Autopsy is a GUI-based digital forensics platform for analyzing hard drives and smart phones, with a plug-in architecture for custom modules.

TestDisk checks disk partitions and recovers lost partitions, while PhotoRec specializes in recovering lost pictures from digital camera memory or hard disks.

Interactive incremental disassembler with data/control flow analysis capabilities.

A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.

A powerful tool for hiding the true location of your Teamserver, evading detection from Incident Response, redirecting users, blocking specific IP addresses, and managing Malleable C2 traffic in Red Team engagements.

A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL

Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.

A library for accessing and parsing Extensible Storage Engine (ESE) Database Files used by Microsoft applications like Windows Search, Exchange, and Active Directory for forensic analysis purposes.

A comprehensive repository of open-source security tools organized by attack phases for red team operations, adversary simulation, and threat hunting purposes.

An open-source Python software for creating honeypots and honeynets securely.

Fast suspicious file finder for threat hunting and live forensics.

A simple Elasticsearch honeypot to catch attackers exploiting RCE vulnerabilities.

Tool for analyzing Windows Recycle Bin INFO2 file

A multi-platform open source tool for triaging suspect systems and hunting for Indicators of Compromise (IOCs) across thousands of endpoints.

A wargaming network for penetration testers to practice their skills in a realistic environment.

A post-exploitation tool for pentesting Active Directory

A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.

A web application honeypot sensor attracting malicious traffic from the Internet

JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.

A hands-on cybersecurity laboratory environment for Gray Hat Hacking Chapter 29 that creates virtualized Docker and Kali Linux machines using Terraform for practical security training exercises.

Insights on Red Teaming for Pacific Rim CCDC 2016 competition, focusing on preparation, operations plan, and automation.

A guide to brute forcing DVWA on the high security level with anti-CSRF tokens

A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.

A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.