Security Operations
Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
RELATED TASKS
Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.
MemLabs provides CTF-styled memory forensics challenges designed to teach students and security researchers how to analyze memory dumps using tools like Volatility.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.
Automated script to install and deploy a honeypot with kippo, dionaea, and p0f on Ubuntu 12.04.
Pure Python implementation of the Microsoft RDP protocol, with various tools and support for different security layers.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.
A generator for YARA rules that creates rules from strings found in malware files while removing strings from goodware files.
Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.
Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.
A Go-based honeypot server for detecting and logging attacker activity.
WinSearchDBAnalyzer can parse and recover records in Windows.edb, providing detailed insights into various data types.
Software that collects forensic artifacts from systems for forensic investigations.
A vulnerable web site for testing Sentinel features.
A toolkit for forensic analysis of network appliances with YARA decoding options and frame extraction capabilities.
FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.
A Python 2.x tool for memory analysis on Mac OS X systems with support for various OS versions and memory image export capabilities.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.
DDoSPot is a plugin-based honeypot platform that tracks UDP-based DDoS attacks and generates daily blacklists of potential attackers and scanners.
Tool for attacking Active Directory environments through SQL Server access.
Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.