Framework

Steryon Module - Compliance

OT compliance monitoring platform with automated control validation and AI

TrustCloud SOC Compliance

Compliance automation platform for SOC 2, ISO 27001, HIPAA, GDPR & more

Lockheed Martin Cyber Resiliency Level®

Framework for measuring cyber resiliency maturity of weapon systems

Anecdotes Cross-Mapping

Cross-mapping tool for reusing compliance evidence across multiple frameworks

Cloud Security Alliance CloudTrust Protocol

Protocol for requesting transparency info about cloud services

Cloud Security Alliance AI Model Risk Management Framework

Framework for managing risks in AI/ML models through structured documentation

Accorian NIST Cybersecurity Framework

NIST Cybersecurity Framework implementation and compliance consulting services

Qmulos Q-Core

Compliance mgmt platform for evidence collection, policy tracking & reporting

OneTrust Compliance Automation

Compliance automation platform with 50+ frameworks and evidence collection

Intuitem CISO Assistant

GRC platform for managing cyber security programs, compliance, and risk assessment

CyberSaint CyberStrong

AI-powered cyber risk management platform for compliance, risk quantification

CAI (Cybersecurity AI)

An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.

GitHub Actions Attack Diagram

A visual guide that maps attack vectors and exploitation techniques for identifying vulnerabilities in GitHub Actions configurations and CI/CD pipelines.

dref

A DNS rebinding exploitation framework

racepwn

A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.

C3

C3 is a framework by WithSecureLabs for rapid prototyping of custom command and control channels that integrates with existing offensive security toolkits.

CrowdFMS

CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.

Stratus Red Team

A cloud-focused attack simulation framework that provides granular, self-contained offensive techniques mapped to MITRE ATT&CK for red team exercises.

IronBee

IronBee is an open source web application security sensor framework that provides detection and prevention capabilities for web application vulnerabilities.

mkCTF

mkCTF is a framework for creating and managing jeopardy-style CTF challenges with configurable structure and automated deployment capabilities.

Hapi

Hapi is a Node.js web application framework that provides built-in functionality for building scalable server-side applications and APIs with security features and plugin architecture.

Needle

Needle is a discontinued open source modular framework for iOS application security assessments that was compatible with iOS 9 and iOS 10 before being replaced by Objection.

Cobalt Strike's ExternalC2 framework

A specification/framework for extending default C2 communication channels in Cobalt Strike

Framework for Cybersecurity Info Sharing

A Microsoft framework for secure and efficient sharing of cybersecurity information between trusted parties to reduce cybersecurity risks.