Free & Open Source Security Tools

A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.

A comprehensive resource for threat hunting in Active Directory environments, covering tracking command-line/PowerShell activity, Kerberoasting detection, auditing attacker activity, and monitoring enterprise command-line activity.

Dorothy is a tool to test monitoring and detection capabilities for Okta environments, with modules mapped to MITRE ATT&CK® tactics.

VMCloak is a tool for creating and preparing Virtual Machines for Cuckoo Sandbox.

Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.

A sensitive data detection tool for scanning source code repositories

A collection of YARA rules for Windows, Linux, and Other threats.

Enhance the security and privacy of Apple silicon Mac computers with incremental changes and user capability.

Interactive malware hunting service with live access to the heart of an incident.

Tool for live forensics acquisition on Windows systems, collecting artefacts for early compromise detection.

InternalBlue is a Bluetooth experimentation framework that enables low-level firmware interaction with Broadcom chips for security research and attack prototype development.

S3Scanner is an open-source tool that scans S3 buckets across S3-compatible APIs to identify misconfigurations and security vulnerabilities.

A cybersecurity blog from Microsoft, featuring articles and guides on various security topics, including AI, threat intelligence, cloud security, and incident response.

Varna is an AWS serverless security tool that monitors CloudTrail logs using Event Query Language to detect and alert on suspicious activities in cloud environments.

Krampus is an AWS resource management tool that automates the deletion and disabling of cloud objects based on JSON task files for security remediation and cost control.

C3 is a framework by WithSecureLabs for rapid prototyping of custom command and control channels that integrates with existing offensive security toolkits.

An open-source OSINT honeypot that monitors threat actor reconnaissance attempts and generates early-warning intelligence for blue teams during the pre-attack phase.

A company that helps organizations create security-aware teams and produce bug-free software.

A malware/botnet analysis framework with a focus on network analysis and process comparison.

netsniff-ng is a free Linux networking toolkit with zero-copy mechanisms for network development, analysis, and auditing.

A tool for creating encrypted volumes with self-destruction capabilities that automatically destroy data when tampering is detected or commands are issued.

A modern tool for Windows kernel exploration and observability with a focus on security.

A conference featuring talks and workshops on various Python-related topics.

A C-based steganographic tool that hides files within WAV audio files using least significant bit encoding techniques.