Toolsmith

Courtesy of TLDR InfoSec Launches & Tools again, another fine discovery in Robert McDermott’s AI Powered Knowledge Graph Generator. Robert’s system takes unstructured text, uses your preferred LLM and extracts knowledge in the form of Subject-Predicate-Object (SPO) triplets, then visualizes the relationships as an interactive knowledge graph.[1]

As an avid daily reader of TLDR Information Security I benefit twofold. First, I gain interesting insights and recommendations regarding launches and tools, where I first learned about OctoSQL. Second, concerning vulnerability details inevitably land in my inbox on a near daily basis. Aside from my recommendation to join the TLDR InfoSec mailing list, toolsmith readers also benefit twofold as, herein, I share the use of OctoSQL as a fast CLI interface to vulnerability data aggregated via CVE-Vulnerability-Information-Downloader. If ever you’ve wanted to join vulnerability data (CVE, CVSS, EPSS, etc) from disparate data sources and file types, this is the toolsmith for you.

Protect AI’s OSS portfolio includes tools aimed at improving security of AI/ML software. These tools are meant for a wide range of engineering, security and ML practitioners including developers, security engineers/researchers, ML engineers, LLM engineers and prompt engineers, and data scientists.
Of particular interest in light of model serialization attacks is ModelScan.

Sandfly Security, headquartered in New Zealand (where they know sandflies all to well), refers to itself as such because they’re like sandflies: they relentlessly bug and discourage intruders, deploying like a swarm onto endpoints, then disappear only to return again and again. Theses swarms of checks make life miserable for hackers on Linux hosts while minimizing system impact. I’ve been following Sandfly’s Craig Rowland on Twitter for awhile with the intent of giving Sandlfy a look for toolsmith, and in the time I’ve kept watch, the offering has grown into a comprehensive and robust platform for Linux security.

Introduction

Exploratory data analysis (EDA) is a mission critical task underpinning the predominance of detection development and preparation for cybersecurity-centric machine learning. There are a number of actions that analysts can take to better understand a particular data set and ready it for more robust utilization. In the spirit of toolsmith, and celebration of this being the 150th issue since toolsmith’s inception in late 2006, consider what follows a collection of tools for your security data analytics tool kit.

Russ McRee writes award-winning toolsmith, published monthly as often as possible. ;-)

As of August 2018, toolsmith is exclusively published via holisticinfosec.io.
From September 2015 through August 2018, toolsmith was exclusively published at the HolisticInfoSec blog.
From November 2006 through August 2015, toolsmith was published in the ISSA Journal.

Thank you for your continued patronage and support.

• August 2015 - There Is No Privacy - Hook Analyser vs. Hacking Team
• July 2015 - Malware Analysis with REMnux Docker Containers
• June 2015 - IoT Fruit - Pineapple and Raspberry
• May 2015 - Attack & Detection: Hunting in-memory adversaries with Rekall and WinPmem
• April 2015 - Rapid Assessment of Web Resources (RAWR!)
• March 2015 - Faraday IPE: When Tinfoil Won’t Work for Pentesting
• February 2015 - Sysmon 2.0 & EventViz
• January 2015 - Kansa vs. Cleaver - PowerShell IR Tactics
• December 2014 - Artillery
• November 2014 - Inside and Outside the Wire with FruityWifi & WUDS
• October 2014 - HoneyDrive: Honeypots in a Box
• September 2014 - Jay and Bob Strike Back: Data-Driven Security
• August 2014 - Threats & Indicators: A Security Intelligence Lifecycle
• July 2014 - ThreadFix: You Found It, Now Fix It
• June 2014 - Testing and Research with BlackArch Linux
• May 2014 - Microsoft Threat Modeling Tool 2014 - Identify & Mitigate
• April 2014 - Browse this: & Oryon C Portable & WhiteHat Aviator
• March 2014 - SpiderFoot
• February 2014 - SimpleRisk: Enterprise Risk Management Simplified
• January 2014 - Tails - The Amnesiac Incognito Live System
• December 2013 - Hey Lynis, Audit This
• November 2013 - OWASP Xenotix XSS Exploit Framework
• October 2013 - C3CM 3: Part 3 - ADHD: Active Defense Harbinger Distribution
• September 2013 - C3CM: Part 2 - Bro with Logstash and Kibana
• August 2013 - C3CM: Part 1 - Nfsight with Nfsen and Nfdump
• July 2013 - EMET 4.0: These Aren’t the Exploits You’re Looking For
• June 2013 - Visual Malware Analysis With ProcDOT
• May 2013 - Recon-ng
• April 2013 - Implementing Redmine for Secure Project Management
• March 2013 - Redline: APT1 and You - We’re All Owned
• February 2013 - Social-Engineer Toolkit (SET): Pwning The Person
• January 2013 - Violent Python: A Book Review Applied to Security Analytics
• December 2012 - ModSecurity for IIS Part 2 of 2 - Web Application Security Flaw Discovery and Prevention
• November 2012 - Arachni: Web Application Security Scanner Part 1 of 2 - Web Application Security Flaw Discovery and Prevention
• October 2012 - Network Security Toolkit (NST): Packet Analysis Personified
• September 2012 - SearchDiggity: Dig Before They Do
• August 2012 - NOWASP Mutillidae: Hack Like You Mean It
• July 2012 - Collective Intelligence Framework
• June 2012 - Security Investigations with PowerShell
• May 2012 - Buster Sandbox Analyzer
• April 2012 - Log Parser Lizard
• March 2012 - Pen Testing with Pwn Plug
• February 2012 - Splunk App: Windows Security Operation Center
• January 2012 - ZeroAccess analysis with OSForensics
• December 2011 - Registry Decoder
• November 2011 - OWASP ZAP - Zed Attack Proxy
• October 2011 - Log Analysis with Highlighter
• September 2011 - Memory Analysis with DumpIt and Volatility
• August 2011 - PacketFence - Open Source Network Access Control
• July 2011- RIPS: Static source code analyzer for PHP vulnerabilities
• June 2011 - Xplico
• May 2011 - Security Onion
• April 2011 - OpenVAS-4
• March 2011 - OSINT with FOCA 2.6
• February 2011 - El Jefe 1.1: The Boss Will See You Now
• January 2011 - Armitage: Cyber Attack Management for Metasploit
• December 2010 - SamuraiWTF: The Life Cycle of a Web Application Vulnerability Analysis
• November 2010- Confessor & MOLE
• October 2010 - The NirSoft Collection
• September 2010 - REMnux
• August 2010 - Suricata: An Introduction
• July 2010 - NetWitness Investigator
• June 2010 - Web Security Tools: skipfish and iScanner
• May 2010 - SIFT Workstation 2.0: SANS Investigative Forensic Toolkit
• April 2010 - Dradis: Effective Information Sharing for Pentest Teams
• March 2010 - NetGrok and AfterGlow: Visualizing the Zeus attack against government and military
• February 2010 - Firefox Addons for Security Practitioners
• January 2010 - Single Packet Authorization: The Ghost in the Machine
• December 2009 - Maltego: Transform & Correlate *2009 Toolsmith Tool of the Year
• November 2009 - Fiddler with Watcher: Passive security auditor
• October 2009 - OSSEC
• September 2009 - OffVis 1.0 Beta: Office visualization tool
• August 2009 - AIRT: Application for Incident Response Teams
• July 2009 - Malzilla: Exploring scareware and drive-by malware
• June 2009 - MIR-ROR: Motile Incident Response - Respond Objectively, Remediate
• May 2009 - SUMO Linux: Security utilizing multiple options
• April 2009 - Tamper Data: CSRF examined
• March 2009 - Adito: Open-source,browser-based SSL VPN
• February 2009 - Mandiant Memoryze with Audit Viewer *2008 Toolsmith Tool of the Year
• January 2009 - Part 2 of 2: The Integrity Project - WebJob
• December 2008 - Part 1 of 2: The Integrity Project - FTimes
• November 2008 - Bipartisan server politi…er, security
• October 2008 - fwsnort-1.0.5: iptables intrusion detection
• September 2008 - PTA: Practical Threat Analysis
• August 2008 - NetworkMiner: Network Forensic Analysis Tool
• July 2008 - PHPIDS: Attack my website, please!
• June 2008 - Security Visualization: What You Don’t See Can Hurt You
• May 2008 - MojoPac: Get Your Mojo Working
• April 2008 - The XSS Epidemic: Tools for discovery and remediation
• March 2008 - WinPatrol
• February 2008 - Packet Analysis with the Hex System
• January 2008 - Gpg4win: Email Security using GnuPG for Windows
• December 2007 - Mandiant Red Curtain: Malware identification for incident responders
• November 2007 - Argus: Auditing network activity
• October 2007 - Security Officers Management & Analysis Project (SOMAP)
• September 2007 - SensePost: Wikto, Scully, and CrowBar
• August 2007 - CIS Benchmarks
• July 2007 - Malcode Analysis Software Tools
• June 2007 - Search Engine Security Auditing
• May 2007 - Core Impact 6.2: Anatomy of an ethical penetration test
• April 2007 - Nessj: Application/network security scanner client
• March 2007: Managing Badware and Policy Violation with Aanval and Bleeding Edge Threat Snort Rules
• February 2007 - RAPIER v. 3.1
• January 2007 - Activeworx IDS Policy Manager 2.0: Rules management for multiple sensors
• December 2006 - Web Application Security Testing 101: Paros Proxy and Badstore
• November 2006 - Security Analysis with Wireshark
• October 2006 - Infosec LiveDistros: Must-haves for the information security practitioner