Tools & Frameworks

Open source and freely available frameworks and tools I work with across security strategy, operations, and technical assessment.

Governance & Risk

CISO Assistant: Open source GRC platform for risk management, compliance, and audit
Eramba: Open source governance, risk, and compliance management
SimpleRisk: Open source risk management and assessment platform
MITRE ATT&CK: Knowledge base of adversary tactics, techniques, and procedures
OpenCRE: Open mapping between security standards and guidelines
CIS Benchmarks: Community-driven configuration security best practices

Security Operations

Wazuh: Open source SIEM, XDR, and security monitoring
Elastic Security: SIEM and endpoint security on the Elastic Stack
TheHive: Incident response and case management
Velociraptor: Endpoint visibility and digital forensics
YARA: Pattern matching for malware identification
Sigma: Generic and open detection rule format

Architecture & Hardening

Terraform: Infrastructure as code for consistent, auditable deployments
Ansible: Automation for configuration management and hardening
OpenSCAP: Automated compliance checking and security assessment
Trivy: Container, filesystem, and IaC vulnerability scanner
Falco: Cloud-native runtime security and threat detection
Cloudflare: Web security, DDoS protection, and zero trust networking

Assessment & Testing

Burp Suite CE: Web application security testing (Community Edition)
Nmap: Network discovery and security auditing
BloodHound CE: Active Directory attack path analysis
Wireshark: Network protocol analysis and troubleshooting
Nuclei: Fast and customizable vulnerability scanner
OWASP ZAP: Open source web application security scanner