This is your work, valued
Security Engineer, Detection & Response
awesome-threat-detection. โจ A curated list of awesome threat detection and hunting resources ๐ต๏ธโโ๏ธ
4.7kawesome-oscp. A curated list of awesome OSCP resources
3.4kfatt. FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
684galah. Galah: An LLM-powered web honeypot.
655burpa. Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
535honeyLambda. honeyฮป - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway
526finch. Fingerprint-aware TLS reverse proxy. Use Finch to outsmart bad trafficโcollect client fingerprints (JA3, JA4 +QUIC, JA4H, HTTP/2) and act on them: block, reroute, tarpit, or deceive in real time.
298detection-and-response-pipeline. โจ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. ๐ท ๐
296deception-as-detection. Deception based detection techniques mapped to the MITREโs ATT&CK framework
290honeybits. A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots
278salt-scanner. Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
262airt. AIRT โ A free, open-source AI Red Teaming course with 8 modules and hands-on Docker labs. Built with Perplexity Computer.
205santamon. Lightweight macOS detection agent built on Santaโs Endpoint Security telemetry.
113honeyku. A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).
65hassh-utils. hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)
58honeybits-win. Windows version of honeybits - a PoC tool to create breadcrumbs and honeytokens, to lead the attackers to your honeypots!
24quick. QUICk - a go library based on gopacket for analyzing QUIC CHLO messages
21Presentations. Some of the presentations given by me
19endpoint-ai-agent-abuse. EAA is a curated catalog of techniques for abusing local AI agents, especially coding agents, through their runtime, configuration, state, tools, and inherited authority.
11awesome-honeypots. an awesome list of honeypot resources
10cve-2024-6387_hassh. HASSH fingerprints for identifying OpenSSH servers potentially vulnerable to CVE-2024-6387 (regreSSHion).
10honeypot-data. ๐ฏ Public honeypot datasets containing HTTP and TLS fingerprint data ๐ซ
10cowrie. Cowrie SSH/Telnet Honeypot
4Notes.
4venator. A flexible detection platform that simplifies rule management and deployment with K8s CronJob and Helm. Venator is flexible enough to run standalone or with other job schedulers like Nomad.
3fingerproxy. Fingerproxy is an HTTPS reverse proxy. It creates JA3, JA4, Akamai HTTP2 fingerprints, and forwards to backend via HTTP request headers.
2hassh. HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint.
20x4d31.github.io. HTML
2ja3. JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
1glutton. Generic Low Interaction Honeypot
1checkpot. Checkpot Honeypot Checker
1eql. Python
1rdfp. Zeek
1