Free Cybersecurity Tools

Simple C++ Encryption and Steganography tool for hiding files inside images using LSB encoding.

An interactive command line application for Open Source Intelligence collection and artifact management that enables investigation of IP addresses, domains, email addresses, file hashes, and other digital artifacts.

Bitscout is a Bash-based live OS constructor tool for building customizable forensic environments used in remote system triage, malware hunting, and digital forensics investigations.

A command-line string extraction utility for digital forensics that supports ASCII and Unicode string extraction from files and directories with pattern matching and filtering capabilities.

BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.

Innovative hub for cybersecurity events and initiatives.

Ebowla is a tool for generating payloads in Python, GO, and PowerShell with support for Reflective DLLs.

FestIn discovers open S3 buckets associated with a domain using crawling and DNS reconnaissance techniques.

A framework for creating standardized cybersecurity event schemas in JSON format that enables interoperability across security tools and platforms.

An open source network penetration testing framework with automatic recon and scanning capabilities.

Free and open-source cybersecurity training classes with multi-class learning paths for high-skill, high-pay job skills.

An automated script that configures Active Directory domains using customizable XML configuration files.

A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.

A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.

A reminder that technology alone is not enough to stay secure against social engineering tactics.

A forensic toolkit for analyzing Android and iOS devices to detect potential spyware infections and security compromises using indicators of compromise.

Freely available network IOCs for monitoring and incident response

A strings statistics calculator for YARA rules to aid malware research.

Chamber is a command-line tool for managing secrets by storing them in AWS SSM Parameter Store with path-based API support for improved performance.

A Python library for interacting with TAXII servers

A modular malware collection and processing framework with support for various threat intelligence feeds.

An IDA Pro plugin that uses YARA rules to automatically detect cryptographic constants and patterns in binary files during reverse engineering analysis.

A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.

Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.