dnsmonster
A battery-included passive DNS monitoring tool. Website: dnsmonster.dev
tcpshark
A cross-platform process-aware tcpdump. Project Github: tcpshark
byosh and sniproxy
A transparent web proxy that answers DNS queries with its own address and then routes each TLS connection based on the Server Name Indication (SNI) TLS extension in the ClientHello. Original Python project on Github. Newer Golang version on Github.
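The routing decision sniproxy makes depends on reading the server_name out of the first TLS record before any TLS handshake is completed, since the proxy never holds the certificate for the destination. The following is an added example of that step, written for this page and not taken from sniproxy or byosh: a parser for the SNI extension (RFC 6066) of a TLS ClientHello, plus a builder that constructs a minimal ClientHello so the parser can be run offline. The function names ExtractSNI and BuildClientHello, the zeroed random and the single cipher suite are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
)

// u16 encodes n as a 2-byte big-endian length field.
func u16(n int) []byte { return []byte{byte(n >> 8), byte(n)} }

// be16 decodes a 2-byte big-endian field.
func be16(b []byte) int { return int(b[0])<<8 | int(b[1]) }

// ExtractSNI takes the raw bytes of one TLS record and returns the host_name
// from the server_name extension of a ClientHello. Every length field is
// checked against the remaining bytes, so a truncated or hostile record yields
// an error instead of a panic (the proxy reads these from untrusted clients).
func ExtractSNI(rec []byte) (string, error) {
	// TLS record header: content_type(1) version(2) length(2); 0x16 = handshake.
	if len(rec) < 5 || rec[0] != 0x16 {
		return "", errors.New("not a TLS handshake record")
	}
	recLen := be16(rec[3:5])
	if len(rec) < 5+recLen {
		return "", errors.New("truncated record")
	}
	hs := rec[5 : 5+recLen]
	// Handshake header: msg_type(1) length(3); msg_type 1 = ClientHello.
	if len(hs) < 4 || hs[0] != 0x01 {
		return "", errors.New("not a ClientHello")
	}
	hsLen := int(hs[1])<<16 | int(hs[2])<<8 | int(hs[3])
	if len(hs) < 4+hsLen {
		return "", errors.New("truncated ClientHello")
	}
	body := hs[4 : 4+hsLen]
	// ClientHello: version(2) random(32) session_id<1> cipher_suites<2>
	// compression_methods<1> extensions<2>.
	pos := 2 + 32
	if len(body) < pos+1 {
		return "", errors.New("short ClientHello")
	}
	pos += 1 + int(body[pos]) // skip session_id
	if len(body) < pos+2 {
		return "", errors.New("short ClientHello")
	}
	pos += 2 + be16(body[pos:]) // skip cipher_suites
	if len(body) < pos+1 {
		return "", errors.New("short ClientHello")
	}
	pos += 1 + int(body[pos]) // skip compression_methods
	if len(body) < pos+2 {
		return "", errors.New("no extensions present") // legal for old clients
	}
	extLen := be16(body[pos:])
	pos += 2
	if len(body) < pos+extLen {
		return "", errors.New("truncated extensions")
	}
	exts := body[pos : pos+extLen]
	for len(exts) >= 4 { // each extension: type(2) length(2) data
		typ, l := be16(exts[0:2]), be16(exts[2:4])
		if len(exts) < 4+l {
			return "", errors.New("truncated extension")
		}
		data := exts[4 : 4+l]
		exts = exts[4+l:]
		if typ != 0x0000 { // 0x0000 = server_name
			continue
		}
		if len(data) < 2 {
			return "", errors.New("malformed server_name extension")
		}
		list := data[2:] // ServerNameList: name_type(1) name_len(2) name
		for len(list) >= 3 {
			nameType, nl := list[0], be16(list[1:3])
			if len(list) < 3+nl {
				return "", errors.New("truncated server_name entry")
			}
			if nameType == 0 { // host_name
				return string(list[3 : 3+nl]), nil
			}
			list = list[3+nl:]
		}
		return "", errors.New("server_name extension without host_name")
	}
	return "", errors.New("no server_name extension")
}

// BuildClientHello constructs a minimal TLS 1.2 ClientHello record carrying
// only an SNI extension. Constructed input for this example, not a capture.
func BuildClientHello(host string) []byte {
	name := []byte(host)
	entry := append(append([]byte{0x00}, u16(len(name))...), name...) // host_name entry
	list := append(u16(len(entry)), entry...)                          // ServerNameList
	ext := append(append([]byte{0x00, 0x00}, u16(len(list))...), list...)

	body := []byte{0x03, 0x03}                  // client_version TLS 1.2
	body = append(body, make([]byte, 32)...)    // random (zeroed here)
	body = append(body, 0x00)                   // empty session_id
	body = append(body, 0x00, 0x02, 0x13, 0x01) // one cipher suite
	body = append(body, 0x01, 0x00)             // null compression only
	body = append(append(body, u16(len(ext))...), ext...)

	hs := append([]byte{0x01, byte(len(body) >> 16), byte(len(body) >> 8), byte(len(body))}, body...)
	return append(append([]byte{0x16, 0x03, 0x01}, u16(len(hs))...), hs...)
}

func main() {
	host, err := ExtractSNI(BuildClientHello("example.com"))
	fmt.Println(host, err)
}
```

A proxy built this way must also cope with clients that send no SNI at all (the error path above), and with Encrypted Client Hello, where the outer server_name is a public name rather than the real destination; in both cases SNI-based routing has nothing reliable to route on.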
dnspot
A DNS C2 framework built on ECC. Project Github: dnspot
ebpf-edr
A proof-of-concept EDR using Golang and eBPF. Project Github: ebpf-edr
binary tools
A set of statically-linked binaries designed to be shipped quickly to, and removed safely from, containers, servers and workstations. Useful for forensic investigations and Kubernetes (K8s) troubleshooting. Project Github: binary-tools
arkime container
A Go wrapper for the Arkime (formerly Moloch) full packet capture and indexing tool that makes it container-friendly. Project Github: arkime-container