Virgo Cluster

Adel Ka

Elite
@0x4D31

Security Engineer, Detection & Response

awesome-threat-detection. ✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

4.7k

awesome-oscp. A curated list of awesome OSCP resources

3.4k

fatt. FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

684

galah. Galah: An LLM-powered web honeypot.

655

burpa. Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

535

honeyLambda. honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway

526

finch. Fingerprint-aware TLS reverse proxy. Use Finch to outsmart bad traffic—collect client fingerprints (JA3, JA4 +QUIC, JA4H, HTTP/2) and act on them: block, reroute, tarpit, or deceive in real time.

298

detection-and-response-pipeline. ✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. 👷 🏗

296

deception-as-detection. Deception based detection techniques mapped to the MITRE’s ATT&CK framework

290

honeybits. A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots

278

salt-scanner. Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

262

airt. AIRT — A free, open-source AI Red Teaming course with 8 modules and hands-on Docker labs. Built with Perplexity Computer.

205

santamon. Lightweight macOS detection agent built on Santa’s Endpoint Security telemetry.

113

honeyku. A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

65

hassh-utils. hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)

58

honeybits-win. Windows version of honeybits - a PoC tool to create breadcrumbs and honeytokens, to lead the attackers to your honeypots!

24

quick. QUICk - a go library based on gopacket for analyzing QUIC CHLO messages

21

Presentations. Some of the presentations given by me

19

endpoint-ai-agent-abuse. EAA is a curated catalog of techniques for abusing local AI agents, especially coding agents, through their runtime, configuration, state, tools, and inherited authority.

11

awesome-honeypots. an awesome list of honeypot resources

10

cve-2024-6387_hassh. HASSH fingerprints for identifying OpenSSH servers potentially vulnerable to CVE-2024-6387 (regreSSHion).

10

honeypot-data. 🍯 Public honeypot datasets containing HTTP and TLS fingerprint data 🫆

10

cowrie. Cowrie SSH/Telnet Honeypot

4

Notes.

4

venator. A flexible detection platform that simplifies rule management and deployment with K8s CronJob and Helm. Venator is flexible enough to run standalone or with other job schedulers like Nomad.

3

fingerproxy. Fingerproxy is an HTTPS reverse proxy. It creates JA3, JA4, Akamai HTTP2 fingerprints, and forwards to backend via HTTP request headers.

2

hassh. HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint.

2

0x4d31.github.io. HTML

2

ja3. JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

1

glutton. Generic Low Interaction Honeypot

1

checkpot. Checkpot Honeypot Checker

1

eql. Python

1

rdfp. Zeek

1
33
Apply