97222b0498
feat: Extended arsenal — 13 additional tools for red team, forensics, cloud offensive, and DevSecOps
...
Added to sovereign-tool-stack.md:
Red Team & Adversary Simulation:
- Sliver: open-source C2 replacing Cobalt Strike for adversary simulation
- Stratus Red Team: executes real cloud attack techniques (AWS/Azure/GCP)
- CloudFox: attacker-view cloud privilege mapping and exploitation
Container & Runtime Security:
- Falco: runtime threat detection for Kubernetes and Linux
- Tetragon: eBPF-based security observability (noted as alternative)
Endpoint Forensics & IR:
- Velociraptor: remote forensic artefact collection and hunting across
thousands of endpoints via VQL
Threat Intelligence:
- OpenCTI: structured threat actor/TTP/IOC correlation from Filigran
Deception:
- OpenCanary: lightweight honeypot for early network reconnaissance warning
Code & Secrets Security:
- GitLeaks: scans repositories for hardcoded secrets
- Semgrep: lightweight static analysis with full data sovereignty
Email Security Testing:
- GoPhish: open-source phishing simulation and user training
Certificate Monitoring:
- CertStream + crt.sh: real-time and historical certificate transparency
monitoring for subdomain discovery
Updated: Complete Capability Matrix, Per-Module Tool Pairing (Module 9
and 10 now include extended tools), Deployment Complexity table, and
Integration With Existing Frameworks cross-references.
2026-05-09 17:13:41 +02:00
2b969af2a8
feat: Add sovereign tool stack and integrate ASTRAL/AOC across playbooks
...
New document: Sovereign Tool Stack — complete capability map for our
open-source consulting arsenal.
Documents updated:
- sovereign-tool-stack.md (new): Maps Prowler, BloodHound, CISO Assistant,
Purple Knight/Forest Druid, ASTRAL, and AOC to engagement modules and
antifragile pillars. Identifies 6 gaps with recommended closes:
Wazuh+Sysmon (EDR), Shuffle (SOAR), TheHive+Cortex (case management),
Cartography (cloud asset mapping), Syft+Grype+Trivy (containers),
Zeek+Suricata (network analysis). Includes per-module tool pairing,
deployment complexity matrix, and integration architecture.
- m365-e3-hardening.md: Added ASTRAL 'configuration immunity' section
and AOC audit log integration references
- endpoint-management-entry-vector.md: Added ASTRAL for Intune
configuration backup and drift detection
- modular-engagements.md: Added ASTRAL and AOC to Module 1/2/3
deliverables; linked sovereign tool stack
- retained-capability.md: Added AOC and Wazuh to detection engineering
description
- ai-assisted-tvm.md: Added AOC and Prowler to discovery layer table
- blue-purple-team-foundation.md: Added sovereign tool stack reference
for open-source SOC architecture
- zero-budget-hardening.md: Linked sovereign tool stack
- README.md + index.md: Added sovereign-tool-stack.md to navigation
2026-05-09 17:05:18 +02:00
3569cd7c45
fix: Correct M365 E3 licensing capabilities across playbooks
...
E3 includes Entra ID P1 (conditional access, SSPR) and Defender for
Endpoint P1 (AV, device control, ASR audit mode), not just 'Free'/'AV only'.
Key corrections:
- m365-e3-hardening.md: Entra ID P1 with conditional access is now
correctly listed as included; Intune is full not 'basic'; ASR audit
mode is available in P1; risk-based gap reframed as 'No Entra ID P2'
- zero-budget-hardening.md: E3 comparison table now shows Entra ID P1
and Defender for Endpoint P1 correctly; pitch text updated
- modular-engagements.md: MFA description now reflects conditional
access availability in E3
- m365-antifragile-project.md: Conditional Access heading now correctly
notes E3 includes P1; E3 baseline mentions conditional access
- endpoint-management-entry-vector.md: Intune described as full MDM/MAM
2026-05-09 16:58:36 +02:00
763da003d3
Initial commit: antifragile cybersecurity consulting blueprint
...
Complete repository of frameworks, playbooks, and assessment resources
for cybersecurity consultations focused on antifragile enterprise design.
Includes:
- Core philosophy and manifest (5 pillars)
- 12 modular engagement packages
- AI sovereignty and operations frameworks
- Zero-budget vulnerability discovery and hardening playbooks
- M365 E3 hardening and antifragile project plans
- Osquery sovereign discovery platform blueprint
- Perimeter scanning capability guide
- AI-assisted TVM blueprint for AI-powered adversaries
- Vertical specializations: banking, telco, power/utilities
- CIS Controls v8 and NIST CSF 2.0 mappings
- Risk registers and assessment templates
- C-suite conversation guide and business case templates
2026-05-09 16:53:22 +02:00
