BZAR
A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices
A tool that detects the presence of a Responder in the network by sending LLMNR name resolution requests for made-up hostnames that do not exist, forcing the Responder to reveal itself if present. Available for 32/64-bit Linux, OS X, and Windows systems, with the option to build from source in Golang with no dependencies.
A network protocol analyzer for capturing and analyzing network traffic with a focus on TCP/IP flow reconstruction and response time tracking.
Netcap efficiently converts network packets into structured audit records for machine learning algorithms, using Protocol Buffers for encoding.
A simple Docker-based honeypot to detect port scanning
A Bluetooth 5 and 4.x sniffer using TI CC1352/CC26x2 hardware with advanced features and Python-based host-side software.
Unfurl is a URL analysis tool that extracts and visualizes data from URLs, breaking them down into components and presenting the information visually.