OPEN SOURCE

Open source.

Small, useful, open-source tools for defenders - built in the open on GitHub. Honest status labels; nothing here claims to be more finished than it is.

kev-watch
WORKING

A zero-dependency Python monitor for the CISA Known Exploited Vulnerabilities (KEV) catalog. Tracks newly added, actively-exploited CVEs and flags ones that match products you care about. Public data only.

View on GitHub →
sigma-pack
EARLY

The Sigma rules and KQL queries from the research writeups, shipped as runnable files - three Kerberoasting detections and three OAuth consent-phishing queries so far. Grows one writeup at a time.

View on GitHub →
Blue Team Mapper
LIVE

A comprehensive, single-page defender reference - the full defensive lifecycle mapped end to end: SIEM and log-source priority, detection engineering, incident-response flow chains, threat hunting, identity and cloud hardening, SOAR playbooks, and LLM-app defense. ATT&CK-aligned, built for analysts who need actionable depth.

Open the mapper →
BUILT IN THE OPEN

Everything here lives in the public repository, issues and all. Found a bug, or want to suggest a tool? Open an issue →