CiscoCXSecurityLabs
Cisco CX Security Labs is the security R&D arm of @Cisco's professional services CX organisation, including the combined output of @portcullislabs and @Neohapsis
US, EMEAR, APJC
Pinned Repositories
bbqsql
SQL Injection Exploitation Tool
creddump7
enum4linux
enum4Linux is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts
linikatz
linikatz is a tool to attack AD on UNIX
mat
MAT is a tool to assess mobile applications
NeoPI
presentations
Presentations from the CX Security Labs team
sslxray
sslxray is an SSL/TLS scanning tool designed to detect a wide range of issues
tlsplayback
tlsplayback is a set of Proof of Concepts (PoC) showing real-world replay attacks against TLS 1.3 libraries and browsers by exploiting 0-RTT
whitepapers
Papers from the CX Security Labs team
CiscoCXSecurityLabs's Repositories
CiscoCXSecurity/enum4linux
enum4Linux is a Linux alternative to enum.exe for enumerating data from Windows and Samba hosts
CiscoCXSecurity/linikatz
linikatz is a tool to attack AD on UNIX
CiscoCXSecurity/rdp-sec-check
rdp-sec-check is a Perl script to enumerate security settings of an RDP Service (AKA Terminal Services)
CiscoCXSecurity/udp-proto-scanner
udp-proto-scanner is a Perl script which discovers UDP services by sending triggers to a list of hosts
CiscoCXSecurity/Detection-Engineering-Framework
CiscoCXSecurity/unix-audit
Framework for generating audit commands for Unix security audits
CiscoCXSecurity/udpy_proto_scanner
udpy_proto_scanner is a Python script which discovers UDP services by sending triggers to a list of hosts
CiscoCXSecurity/presentations
Presentations from the CX Security Labs team
CiscoCXSecurity/log4j
Detection rules to look for Log4J usage and exploitation
CiscoCXSecurity/unix_collector
A live forensic collection script for various artefacts from UNIX-like systems.
CiscoCXSecurity/tcpy_scanner
Fast cross-platform TCP Connect Scanner written in Python
CiscoCXSecurity/linux-malware
Tracking interesting Linux (and UNIX) malware. Send PRs
CiscoCXSecurity/AI4SecOps
CiscoCXSecurity/osboxdeploy
OSBoxDeploy is a set of Ansible playbooks and associated artefacts to deploy OpenStack compute hosted Docker containers. It is work in progress, so do not expect too much, too soon
CiscoCXSecurity/security_content
Splunk Security Content
CiscoCXSecurity/AdversaryShield
Mitigate adversarial attacks on LLMs via automatic deployment of predefined plugins.
CiscoCXSecurity/Aegis
National Cyber Defense Investment Planning and Modeling Tool
CiscoCXSecurity/attack-ti
Vertical and geographic extracts from MITRE ATT&CK
CiscoCXSecurity/Cisco-Security-Postman
CiscoCXSecurity/DCOM-Audit
DCOM-Audit: Enumerate, Audit, and Secure DCOM objects
CiscoCXSecurity/IOCs
Indicators of Compromise
CiscoCXSecurity/meraki-hunting
Threat hunting scripts for Cisco Meraki installations
CiscoCXSecurity/nac-collector
CiscoCXSecurity/security-research-governance-toolkit
Cisco CX Security Labs Security Research Governance Toolkit
CiscoCXSecurity/signaturemap
CiscoCXSecurity/SOCStrategy
CiscoCXSecurity/ssh-farm
A simple tool to spawn multiple SSH services via docker.
CiscoCXSecurity/Talon
A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment.
CiscoCXSecurity/unix-privesc-check
Automatically exported from code.google.com/p/unix-privesc-check
CiscoCXSecurity/XDR_demo_-_create_incident_from_apache_log_threat_analysis
Create an XDR incident from attack detection in an Apache log