Adel Ka

Lightweight macOS detection agent built on Santa’s Endpoint Security telemetry.

Galah: An LLM-powered web honeypot.

A flexible detection platform that simplifies rule management and deployment with K8s CronJob and Helm. Venator is flexible enough to run standalone or with other job schedulers like Nomad.

Fingerprint-aware TLS reverse proxy. Use Finch to outsmart bad traffic—collect client fingerprints (JA3, JA4 +QUIC, JA4H, HTTP/2) and act on them: block, reroute, tarpit, or deceive in real time.

Read-only developer endpoint scanner for on-disk package, extension, and developer-tool metadata, built to check exposure to known software supply-chain compromises.

✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

A curated list of awesome OSCP resources

FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

honeyλ - a simple, serverless application designed to create and monitor fake HTTP endpoints (i.e. URL honeytokens) automatically, on top of AWS Lambda and Amazon API Gateway

✨ A compilation of suggested tools/services for each component in a detection and response pipeline, along with real-world examples. The purpose is to create a reference hub for designing effective threat detection and response pipelines. 👷 🏗

Deception based detection techniques mapped to the MITRE’s ATT&CK framework

A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

AIRT — A free, open-source AI Red Teaming course with 8 modules and hands-on Docker labs. Built with Perplexity Computer.

A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens).

hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)

Windows version of honeybits - a PoC tool to create breadcrumbs and honeytokens, to lead the attackers to your honeypots!

QUICk - a go library based on gopacket for analyzing QUIC CHLO messages

Some of the presentations given by me

EAA is a curated catalog of techniques for abusing local AI agents, especially coding agents, through their runtime, configuration, state, tools, and inherited authority.

HASSH fingerprints for identifying OpenSSH servers potentially vulnerable to CVE-2024-6387 (regreSSHion).

🍯 Public honeypot datasets containing HTTP and TLS fingerprint data 🫆

an awesome list of honeypot resources

Cowrie SSH/Telnet Honeypot

No description.

Fingerproxy is an HTTPS reverse proxy. It creates JA3, JA4, Akamai HTTP2 fingerprints, and forwards to backend via HTTP request headers.

No description.

HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint.

Generic Low Interaction Honeypot

No description.

JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.

No description.

Checkpot Honeypot Checker

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

JA4+ is a suite of network fingerprinting standards

Provides packet processing capabilities for Go

CryptoAUS Honeytoken Workshop