Google
- San Francisco
Stars
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalone or with other job schedulers like Nomad.
Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extracting the malware's final stage configuration.
A recon tool that uses AI to predict subdomains. Then returns those that resolve.
Tooling backed by an LLM for performing natural language searches against compiled target binaries. Search for encryption code, password strings, vulnerabilities, etc.
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking.
Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
This project steals important data from all Chromium and Gecko browsers installed in the system and gathers the data in a stealer db to be exfiltrated out. A powerful Browser Stealer
Dump cookies and credentials directly from Chrome/Edge process memory
Tools and scripts to deploy and manage OpenRelik instances
A Caldera plugin for the emulation of complete, realistic cyberattack chains.
Indicators from Amnesty International's investigations
HookChain: A new perspective for Bypassing EDR Solutions
This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.
Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!
When good OAuth apps go rogue. Documents observed OAuth application tradecraft
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
Test & Compare different Kubernetes security offerings on EKS, GKE and AKS
Open source templates you can use to bootstrap your security programs
A resource containing all the tools each ransomware gang uses
Umami is a simple, fast, privacy-focused alternative to Google Analytics.
AIGoat: A deliberately Vulnerable AI Infrastructure. Learn AI security through solving our challenges.
Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.)
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
This tool parses log data and allows you to define analysis pipelines for anomaly detection. It was designed to run the analysis with limited resources and lowest possible permissions to make it suitab…