RogueApps is a repository that documents observed Tactics, Techniques, and Procedures (TTPs) associated with OIDC/OAuth 2.0 application attacks. It serves as a collaborative platform for security professionals to share information about malicious applications exploiting OAuth 2.0 and OpenID Connect protocols. The project maintains a curated list of rogue applications, their characteristics, and attack patterns. This information is stored in a JSON format, allowing for easy integration and analysis. RogueApps provides a web interface for browsing the collected data, making it accessible for researchers and practitioners in the field of cybersecurity. The platform encourages community contributions through a structured process, ensuring the quality and relevance of the information shared.
FEATURES
ALTERNATIVES
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
A tool for fetching and visualizing cyber threat intelligence data with Elasticsearch and Kibana integration.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
A free threat intelligence feed and banlist feed of known malicious IP addresses for public use only.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.