Pinned Repositories
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
attack-control-framework-mappings
Security control framework mappings to MITRE ATT&CK provide a critically important resource for organizations to assess their security control coverage against real-world threats and provide a bridge for integrating ATT&CK-based threat information into the risk management process.
attack-flow
Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
attack-workbench-frontend
An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains an Angular-based web application providing the user interface for the ATT&CK Workbench application.
cti-blueprints
CTI Blueprints is a free suite of templates and tools that helps Cyber Threat Intelligence analysts create high-quality, actionable reports more consistently and efficiently.
neo4j-etl
Data import from relational databases to Neo4j.
Nimo-Awesome_repo
opcua-exploit-framework
Advanced OPC-UA framework for vulnerability research & exploitation
Taipan
Web application vulnerability scanner
threatsmanager
Threats Manager Platform Core libraries and SDK
squ1ddy's Repositories
squ1ddy/neo4j-etl
Data import from relational databases to Neo4j.
squ1ddy/Taipan
Web application vulnerability scanner
squ1ddy/attack-scripts
Scripts and a (future) library to improve users' interactions with the ATT&CK content
squ1ddy/attacksrfc
React frontend to the cveservice project.
squ1ddy/automatic-api-attack-tool
Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
squ1ddy/Categorized-Adversary-TTPs
Merge of two major cyber adversary datasets, MITRE ATT&CK and ETDA/ThaiCERT Threat Actor Cards, enabling victim/motivation-adversary-technique pivoting.
squ1ddy/compliance-trestle-demos
Demo setup for compliance-trestle
squ1ddy/compliance-trestle-ssp-demo
Demonstration of compliance trestle's SSP authoring capabilities.
squ1ddy/ControlCompass.github.io
Pointing cybersecurity teams to thousands of detection rules and offensive security tests aligned with common attacker techniques
squ1ddy/Cyber-Adversary-Heatmaps
Intelligence around common attacker behaviors (MITRE ATT&CK TTPs), in the form of ATT&CK Navigator "layer" json files.
squ1ddy/DocxToSource
A multi-platform application that is able to generate dotnet source code based on OpenXml based documents.
squ1ddy/evaluator
⚖ Open Source Toolkit for Quantitative Risk Assessment
squ1ddy/govready.com
The website at govready.com.
squ1ddy/insider-threat-ttp-kb
The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
squ1ddy/ism-oscal
Australian ISM in OSCAL format
squ1ddy/ite-4-demo
in-toto demo
squ1ddy/nmap-scada
NSE scripts for SCADA identification
squ1ddy/oscal-diagrams
Automatically generated diagrams for OSCAL models
squ1ddy/OSCAL-GUI
Joint NIST/FedRAMP tool to interact with OSCAL files via a browser-based GUI
squ1ddy/oscal-ssp-to-word
squ1ddy/oscal4neo4j
Scripts to import OSCAL example content into the Neo4J graph database
squ1ddy/OSSEM-DM
OSSEM Detection Model
squ1ddy/pandoc-as-a-service
If you need to convert text from one markup format into another, pandoc-as-a-service is your swiss-army knife.
squ1ddy/program-engineer-gpt
Interact directly with code repositories in a chat or automate the development of your code based just on a project description
squ1ddy/RiskBloX
RiskBloX is an open-source Risk Management tool with two offerings: an ATT&CK Assessment leveraging MITRE ATT&CK resources, and a Business Impact Risk Assessment (BIRA) against Risk Areas to determine the impact to the business if a risk is realised.
squ1ddy/scf-oscal-catalog-model
Machine readable format of the Secure Controls Framework (SCF) that aligns with NIST's Open Security Controls Assessment Language (OSCAL) catalog model. This is a joint project with Ignyte Platform Inc. to maintain the OSCAL version on a frequent basis as new information about SCF is released.
squ1ddy/schemas
YAML schema, examples, and validators for OpenControl format.
squ1ddy/verispy
Python parser for VERIS json data
squ1ddy/vulnx
vulnx 🕷️ is an intelligent bot shell that can achieve automatic injection and help researchers detect security vulnerabilities in CMS systems. It can perform quick CMS security detection, information collection (including sub-domain name, IP address, country information, organizational information, time zone, etc.) and vulnerability scanning.
squ1ddy/webpage2attack
Generate portable TTP intelligence from a web-based report