Harden your Debian GNU/Linux workstation with various settings, configurations and packages

Graphical user interface for the AppArmor security module

Krathalan's AppArmor profiles for Arch Linux

Run applications through VPN tunnels with temporary network namespaces

Improve your system's security.

Automated CIS Benchmark Compliance Audit for Debian 12 with Ansible & GOSS

Automated CIS Benchmark Compliance Remediation for Ubuntu 24 with Ansible

Automated CIS Benchmark Compliance Remediation for Debian 12 with Ansible

KQL Queries. Microsoft Defender, Microsoft Sentinel

A repository to help CTI teams tackle the challenges around collection and research by providing guidance from experienced practitioners

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

Collection of KQL queries

Code included as part of the MustLearnKQL blog series

A resource containing all the tools each ransomware gangs uses

😎 Awesome list of all things related to Microsoft Entra

Indicators of Compromises (IOC) of our various investigations

A collection of sources of indicators of compromise.

File Access Policy Daemon

Run any Linux process in a secure, unprivileged sandbox using Landlock. Think firejail, but lightweight, user-friendly, and baked into the kernel.

Mapping the MITRE ATT&CK Matrix with Osquery

A curated list of awesome things related to Suricata

Suricata rules for network anomaly detection

A repository for using osquery for incident detection and response

Unikernel and immutable infrastructures

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Linux namespaces and seccomp-bpf sandbox

Best practice configuration for Linux auditd for CIS and STIG standards, enhanced with LOTL detection rules.

Hardened kernel configuration optimized for virtual machines. - https://www.kicksecure.com/wiki/Hardened-kernel