Tools for endpoints

Make a system look as if it was hit by an APT.

Navigate and annotate MITRE ATT&CK.

Acquire volatile memory on Linux.

File triage and malware analysis pipeline.

Small, portable ATT&CK detection tests.

Digital forensics platform.

Build Your Own Botnet (research).

Kill protected EDR processes.

Web-based SSH bastion and key manager.

CISA's DFIR tool.

Tripwire tokens for free.

Hunt across Windows event logs at speed.

Mandiant's Windows pentest VM.

Observable analysis engine for TheHive.

Medium-interaction SSH/Telnet honeypot.

Docker enumeration + container escape.

Hunt PowerShell attacks in Windows logs.

Automated detection lab environment.

Forensic artifact framework from Fox-IT.

Position-independent .NET shellcode loader.

Post-exploitation framework.

SSH tarpit that wastes attacker time.

Reverse-proxy phishing for MFA bypass.

Fast Incident Response platform.