Open Threat Informed Detection Engineering is the European Commission DIGIT.S2 (Security Operations) open source initiative to build a rich ecosystem of tooling and data supporting Cyber Threat Det…

A super fast CLI tool to decode and encode JWTs built in Rust

Gram is Klarna's own threat model diagramming tool

💀 Don't fear the Reaper 👻

The objective of this program is to leverage AI-LLM technology to process of human language-based CTI documents to succinctly summarize the attack flow path outlined within such materials via mappi…

Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets

Opensource IDE For Exploring and Testing Api's (lightweight alternative to postman/insomnia)

Crashbench is a LLM benchmark to measure bug-finding and reporting capabilities of LLMs

Repository with supporting materials for Invictus Academy/Training

An AI-Powered Privacy Threat Modeling tool based on the LINDDUN framework by leveraging Large Language Models.

Search for vulnerabilities and exposures while filtering based on age, keywords, and other parameters.

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

AI-powered ffuf wrapper

The first open-source AI-driven tool for automatically generating system-level test cases (also known as fuzzing) for web/enterprise applications. Currently targeting whitebox and blackbox testing …

My personal tech blog

Open source templates you can use to bootstrap your security programs

The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).

Security Scanning Samples with cnspec, cnquery, and Mondoo Platform

This repository contains security policies for cnspec maintained by Mondoo and the cnspec community.

This repository contains query packs for cnquery maintained by Mondoo and the cnquery community.

An open source, cloud-native security to protect everything from build to runtime

open source, cloud-native, graph-based asset inventory

offensive notes & resources

Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

Sticky notes for pentesting, bug bounty, CTF.

Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.

This is a repo with links to everything you'd ever want to learn about data engineering

All the resources you need to get to Senior Engineer and beyond

Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time threat information, gain a competitive advantage, and stay infor…