Set up a personal VPN in the cloud

An osquery extension for endpoint engineers

TCP/IP packet demultiplexer. Download from:

This project aims to compare and evaluate the telemetry of various EDR products.

Tunnel TCP connections through ICMP.

Purple Team Exercise Framework

osquery extensions by Trail of Bits

Web-based Traffic and Security Network Traffic Monitoring

Osquery launcher, autoupdater, and packager

A library that provides an embeddable, persistent key-value store for fast storage.

Fleet is the lightweight, programmable telemetry platform for servers and workstations. Get comprehensive, customizable data from all your devices and operating systems — without the downtime risk.

Credentials recovery project

The C++ Core Guidelines are a set of tried-and-true guidelines, rules, and best practices about coding in C++

A repository for using windows event forwarding for incident detection and response

Extension to OSquery Windows that enhances it with real-time telemetry, log monitoring and other endpoint data collection

Set of EVTX samples (>270) mapped to MITRE Att@k tactic and techniques to measure your SIEM coverage or developed new use cases.

Materials and IPython notebooks for "Python for Data Analysis" by Wes McKinney, published by O'Reilly Media

Easy & Flexible Alerting With ElasticSearch

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Cortex: a Powerful Observable Analysis and Active Response Engine

The FLARE team's open-source tool to identify capabilities in executable files.

Windows kernel and user mode emulation.

AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to…

Re-play Security Events

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.