antifragile

cqrenet/antifragile

Fork 0

Commit Graph

Author	SHA1	Message	Date
Tomas Kracmar	8228ed55c4	feat: Add commercial partnership strategy to sovereign tool stack New section: 'When to Partner Commercially: The Partnership Doctrine' Addresses the practical reality of a 5-person consultancy growing to 15-20: where open-source wins, where commercial wins, and the decision framework for choosing between them. Partnership Decision Framework: - Capability (24/7 eyes-on-glass = partner) - Compliance (audit demands vendor logo = partner) - Scale (>5,000 endpoints = partner) - Time to value (<30 days = partner) - Margin (recurring revenue without proportional labour = partner) - Differentiation (partner makes us generic = refuse) Tier 1 Strategic Partnerships (deeply integrated): - Huntress: Managed EDR for 24/7 coverage we cannot staff - Thinkst Canary: Enterprise deception, high margin, low touch - Tenable: Compliance-auditable VM for regulated clients Tier 2 Situational Partnerships (deploy as needed): - Delinea (PAM), KnowBe4 (awareness), Veeam (backup), Proofpoint/Mimecast (email gateway) Tier 3 Consultant Productivity (not resold): - Burp Suite Pro, Cobalt Strike/Sliver, training Also documents what we REFUSE to partner with (all-in-one platforms, generic SIEM, opaque AI startups, M365 management competitors) and provides a Year 1 vs Year 3 partnership portfolio roadmap.	2026-05-09 17:21:59 +02:00
Tomas Kracmar	97222b0498	feat: Extended arsenal — 13 additional tools for red team, forensics, cloud offensive, and DevSecOps Added to sovereign-tool-stack.md: Red Team & Adversary Simulation: - Sliver: open-source C2 replacing Cobalt Strike for adversary simulation - Stratus Red Team: executes real cloud attack techniques (AWS/Azure/GCP) - CloudFox: attacker-view cloud privilege mapping and exploitation Container & Runtime Security: - Falco: runtime threat detection for Kubernetes and Linux - Tetragon: eBPF-based security observability (noted as alternative) Endpoint Forensics & IR: - Velociraptor: remote forensic artefact collection and hunting across thousands of endpoints via VQL Threat Intelligence: - OpenCTI: structured threat actor/TTP/IOC correlation from Filigran Deception: - OpenCanary: lightweight honeypot for early network reconnaissance warning Code & Secrets Security: - GitLeaks: scans repositories for hardcoded secrets - Semgrep: lightweight static analysis with full data sovereignty Email Security Testing: - GoPhish: open-source phishing simulation and user training Certificate Monitoring: - CertStream + crt.sh: real-time and historical certificate transparency monitoring for subdomain discovery Updated: Complete Capability Matrix, Per-Module Tool Pairing (Module 9 and 10 now include extended tools), Deployment Complexity table, and Integration With Existing Frameworks cross-references.	2026-05-09 17:13:41 +02:00
Tomas Kracmar	2b969af2a8	feat: Add sovereign tool stack and integrate ASTRAL/AOC across playbooks New document: Sovereign Tool Stack — complete capability map for our open-source consulting arsenal. Documents updated: - sovereign-tool-stack.md (new): Maps Prowler, BloodHound, CISO Assistant, Purple Knight/Forest Druid, ASTRAL, and AOC to engagement modules and antifragile pillars. Identifies 6 gaps with recommended closes: Wazuh+Sysmon (EDR), Shuffle (SOAR), TheHive+Cortex (case management), Cartography (cloud asset mapping), Syft+Grype+Trivy (containers), Zeek+Suricata (network analysis). Includes per-module tool pairing, deployment complexity matrix, and integration architecture. - m365-e3-hardening.md: Added ASTRAL 'configuration immunity' section and AOC audit log integration references - endpoint-management-entry-vector.md: Added ASTRAL for Intune configuration backup and drift detection - modular-engagements.md: Added ASTRAL and AOC to Module 1/2/3 deliverables; linked sovereign tool stack - retained-capability.md: Added AOC and Wazuh to detection engineering description - ai-assisted-tvm.md: Added AOC and Prowler to discovery layer table - blue-purple-team-foundation.md: Added sovereign tool stack reference for open-source SOC architecture - zero-budget-hardening.md: Linked sovereign tool stack - README.md + index.md: Added sovereign-tool-stack.md to navigation	2026-05-09 17:05:18 +02:00

Author

SHA1

Message

Date

Tomas Kracmar

8228ed55c4

feat: Add commercial partnership strategy to sovereign tool stack

New section: 'When to Partner Commercially: The Partnership Doctrine'

Addresses the practical reality of a 5-person consultancy growing to
15-20: where open-source wins, where commercial wins, and the decision
framework for choosing between them.

Partnership Decision Framework:
- Capability (24/7 eyes-on-glass = partner)
- Compliance (audit demands vendor logo = partner)
- Scale (>5,000 endpoints = partner)
- Time to value (<30 days = partner)
- Margin (recurring revenue without proportional labour = partner)
- Differentiation (partner makes us generic = refuse)

Tier 1 Strategic Partnerships (deeply integrated):
- Huntress: Managed EDR for 24/7 coverage we cannot staff
- Thinkst Canary: Enterprise deception, high margin, low touch
- Tenable: Compliance-auditable VM for regulated clients

Tier 2 Situational Partnerships (deploy as needed):
- Delinea (PAM), KnowBe4 (awareness), Veeam (backup),
  Proofpoint/Mimecast (email gateway)

Tier 3 Consultant Productivity (not resold):
- Burp Suite Pro, Cobalt Strike/Sliver, training

Also documents what we REFUSE to partner with (all-in-one platforms,
generic SIEM, opaque AI startups, M365 management competitors) and
provides a Year 1 vs Year 3 partnership portfolio roadmap.

2026-05-09 17:21:59 +02:00

Tomas Kracmar

97222b0498

feat: Extended arsenal — 13 additional tools for red team, forensics, cloud offensive, and DevSecOps

Added to sovereign-tool-stack.md:

Red Team & Adversary Simulation:
- Sliver: open-source C2 replacing Cobalt Strike for adversary simulation
- Stratus Red Team: executes real cloud attack techniques (AWS/Azure/GCP)
- CloudFox: attacker-view cloud privilege mapping and exploitation

Container & Runtime Security:
- Falco: runtime threat detection for Kubernetes and Linux
- Tetragon: eBPF-based security observability (noted as alternative)

Endpoint Forensics & IR:
- Velociraptor: remote forensic artefact collection and hunting across
  thousands of endpoints via VQL

Threat Intelligence:
- OpenCTI: structured threat actor/TTP/IOC correlation from Filigran

Deception:
- OpenCanary: lightweight honeypot for early network reconnaissance warning

Code & Secrets Security:
- GitLeaks: scans repositories for hardcoded secrets
- Semgrep: lightweight static analysis with full data sovereignty

Email Security Testing:
- GoPhish: open-source phishing simulation and user training

Certificate Monitoring:
- CertStream + crt.sh: real-time and historical certificate transparency
  monitoring for subdomain discovery

Updated: Complete Capability Matrix, Per-Module Tool Pairing (Module 9
and 10 now include extended tools), Deployment Complexity table, and
Integration With Existing Frameworks cross-references.

2026-05-09 17:13:41 +02:00

Tomas Kracmar

2b969af2a8

feat: Add sovereign tool stack and integrate ASTRAL/AOC across playbooks

New document: Sovereign Tool Stack — complete capability map for our
open-source consulting arsenal.

Documents updated:
- sovereign-tool-stack.md (new): Maps Prowler, BloodHound, CISO Assistant,
  Purple Knight/Forest Druid, ASTRAL, and AOC to engagement modules and
  antifragile pillars. Identifies 6 gaps with recommended closes:
  Wazuh+Sysmon (EDR), Shuffle (SOAR), TheHive+Cortex (case management),
  Cartography (cloud asset mapping), Syft+Grype+Trivy (containers),
  Zeek+Suricata (network analysis). Includes per-module tool pairing,
  deployment complexity matrix, and integration architecture.
- m365-e3-hardening.md: Added ASTRAL 'configuration immunity' section
  and AOC audit log integration references
- endpoint-management-entry-vector.md: Added ASTRAL for Intune
  configuration backup and drift detection
- modular-engagements.md: Added ASTRAL and AOC to Module 1/2/3
  deliverables; linked sovereign tool stack
- retained-capability.md: Added AOC and Wazuh to detection engineering
  description
- ai-assisted-tvm.md: Added AOC and Prowler to discovery layer table
- blue-purple-team-foundation.md: Added sovereign tool stack reference
  for open-source SOC architecture
- zero-budget-hardening.md: Linked sovereign tool stack
- README.md + index.md: Added sovereign-tool-stack.md to navigation

2026-05-09 17:05:18 +02:00

3 Commits