Strelka
Strelka is a real-time, container-based file scanning system used for threat hunting, threat detection, and incident response. Originally based on the design established by Lockheed Martin's Laika BOSS and similar projects (see: related projects), Strelka's purpose is to perform file extraction and metadata collection at enterprise scale. Strelka differs from its sibling projects in a few significant ways: Core codebase is Go and Python3.10+ Server components run in containers for ease and flexibility of deployment OS-native client applications for Windows, Mac, and Linux Built using libraries and formats that allow cross-platform, cross-language support Features Strelka is a modular data scanning platform, allowing users or systems to submit files for the purpose of analyzing, extracting, and reporting file content and metadata. Coupled with a SIEM, Strelka is able to aggregate, alert, and provide analysts with the capability to better understand their environment without having to perform direct data gathering or time-consuming file analysis. Quickstart Running a file through Strelka is simple. In this section, Strelka capabilities are showcased.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A framework for managing cyber threat intelligence in structured formats.
![Invoke-ATTACKAPI [DEPRECATED] Logo](/_next/image?url=https%3A%2F%2Fkcjlih8bwjd7vpzd.public.blob.vercel-storage.com%2Fgithub-pNnWZrsWcngjHtgmLcqC9TLc5g3tJS.webp&w=64&q=75){kind=small}
A PowerShell script to interact with the MITRE ATT&CK Framework via its own API using the deprecated MediaWiki API.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
FireEye Mandiant SunBurst Countermeasures: freely available rules for detecting malicious files and activity
DNSDumpster is a domain research tool for discovering and analyzing DNS records to map an organization's attack surface.
A tool designed to extract additional value from enterprise-wide AppCompat / AmCache data
A threat intelligence domain/IP/hash threat feeds checker that checks IPVoid, URLVoid, Virustotal, and Cymon.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.