Agile Threat Modeling Toolkit

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Collection of YARA-L 2.0 sample rules for the Chronicle Detection API

Repository of yara rules

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

An AI-powered Personal Identifiable Information (PII) scanner.

A multi-platform binary whitelisting solution

Find secrets with Gitleaks 🔑

honest.security microsite

A little tool to play with Windows security

A proposed standard that allows websites to define security policies.

Simple command line tool to check for compliance against CIS Benchmarks

Web app that provides basic navigation and annotation of ATT&CK matrices

Top ATT&CK Techniques helps defenders approach the breadth and complexity of MITRE ATT&CK® with a prioritized top 10 list of techniques to focus on first.

macOS Security Compliance Project

A collection of awesome security hardening guides, tools and other resources

CIS Benchmarks for macOS Catalina

For Mac users in enterprise environments, this application gives users control over the administration of their machine by elevating their level of access to administrator privileges on macOS. User…

Provides temporary admin access for a standard user via Jamf Self Service

Open source vulnerability DB and triage service.

JIT Groups is an open source application that lets you implement secure, self-service access management for Google Cloud using groups.

Compares and analyzes GCP IAM roles.

Aftermath is a free macOS IR framework

LuLu is the free open-source macOS firewall

Block malware on your network using your PiHole, using threat intelligence extracted from Emerging Threats rulesets.

Guide to using YubiKey for GnuPG and SSH

Browser extension for hacking WebAssembly games a la Cheat Engine

Custom gitleaks configuration