Stars
Offline, open-source AWS CloudTrail DFIR & threat hunting platform — 100+ built-in hunts, 60+ Superset dashboard charts, AI chat, and an AWS Config resource graph.
Open-source cross-platform endpoint detection engine for Windows, macOS, and Linux using ETW, ESF, eBPF, Sigma, YARA, IOCs, and ECS NDJSON alerts.
Open-source eBPF runtime security sensor for GitHub Actions and GitLab CI/CD.
It bridges my research with a functional tool. I want to provide a safe, open-source framework for hackers to test evasion and for defenders to improve detection through hands-on learning.
This repository provides sample templates for security playbooks against various scenarios when using Amazon Web Services.
LLM benchmark results for THOR forensic finding triage quality
An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
PlantUML sprites, macros, and other includes for Amazon Web Services services and resources
A single CLAUDE.md file to improve Claude Code behavior, derived from Andrej Karpathy's observations on LLM coding pitfalls.
VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients.
Cytoscape.js wrapper for Streamlit
React Flow | Svelte Flow - Powerful open source libraries for building node-based UIs with React (https://reactflow.dev) or Svelte (https://svelteflow.dev). Ready out-of-the-box and infinitely cust…
Graph theory (network) library for visualisation and analysis
Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
AADInternals PowerShell module for administering Azure AD and Office 365
pinact is a CLI to edit GitHub Workflow and Composite action files and pin versions of Actions and Reusable Workflows. pinact can also update their versions and verify version annotations.
Shattering the 1:10 barrier. A high-velocity alternative to Plaso for the modern IR landscape
AWSGoat: A Damn Vulnerable AWS Infrastructure
☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud
A tool for AWS incident response that allows for enumeration, acquisition and analysis of data from AWS environments for the purpose of incident response.