antifragile

cqrenet/antifragile

Fork 0

Commit Graph

Author	SHA1	Message	Date
Tomas Kracmar	97222b0498	feat: Extended arsenal — 13 additional tools for red team, forensics, cloud offensive, and DevSecOps Added to sovereign-tool-stack.md: Red Team & Adversary Simulation: - Sliver: open-source C2 replacing Cobalt Strike for adversary simulation - Stratus Red Team: executes real cloud attack techniques (AWS/Azure/GCP) - CloudFox: attacker-view cloud privilege mapping and exploitation Container & Runtime Security: - Falco: runtime threat detection for Kubernetes and Linux - Tetragon: eBPF-based security observability (noted as alternative) Endpoint Forensics & IR: - Velociraptor: remote forensic artefact collection and hunting across thousands of endpoints via VQL Threat Intelligence: - OpenCTI: structured threat actor/TTP/IOC correlation from Filigran Deception: - OpenCanary: lightweight honeypot for early network reconnaissance warning Code & Secrets Security: - GitLeaks: scans repositories for hardcoded secrets - Semgrep: lightweight static analysis with full data sovereignty Email Security Testing: - GoPhish: open-source phishing simulation and user training Certificate Monitoring: - CertStream + crt.sh: real-time and historical certificate transparency monitoring for subdomain discovery Updated: Complete Capability Matrix, Per-Module Tool Pairing (Module 9 and 10 now include extended tools), Deployment Complexity table, and Integration With Existing Frameworks cross-references.	2026-05-09 17:13:41 +02:00
Tomas Kracmar	2b969af2a8	feat: Add sovereign tool stack and integrate ASTRAL/AOC across playbooks New document: Sovereign Tool Stack — complete capability map for our open-source consulting arsenal. Documents updated: - sovereign-tool-stack.md (new): Maps Prowler, BloodHound, CISO Assistant, Purple Knight/Forest Druid, ASTRAL, and AOC to engagement modules and antifragile pillars. Identifies 6 gaps with recommended closes: Wazuh+Sysmon (EDR), Shuffle (SOAR), TheHive+Cortex (case management), Cartography (cloud asset mapping), Syft+Grype+Trivy (containers), Zeek+Suricata (network analysis). Includes per-module tool pairing, deployment complexity matrix, and integration architecture. - m365-e3-hardening.md: Added ASTRAL 'configuration immunity' section and AOC audit log integration references - endpoint-management-entry-vector.md: Added ASTRAL for Intune configuration backup and drift detection - modular-engagements.md: Added ASTRAL and AOC to Module 1/2/3 deliverables; linked sovereign tool stack - retained-capability.md: Added AOC and Wazuh to detection engineering description - ai-assisted-tvm.md: Added AOC and Prowler to discovery layer table - blue-purple-team-foundation.md: Added sovereign tool stack reference for open-source SOC architecture - zero-budget-hardening.md: Linked sovereign tool stack - README.md + index.md: Added sovereign-tool-stack.md to navigation	2026-05-09 17:05:18 +02:00

Author

SHA1

Message

Date

Tomas Kracmar

97222b0498

feat: Extended arsenal — 13 additional tools for red team, forensics, cloud offensive, and DevSecOps

Added to sovereign-tool-stack.md:

Red Team & Adversary Simulation:
- Sliver: open-source C2 replacing Cobalt Strike for adversary simulation
- Stratus Red Team: executes real cloud attack techniques (AWS/Azure/GCP)
- CloudFox: attacker-view cloud privilege mapping and exploitation

Container & Runtime Security:
- Falco: runtime threat detection for Kubernetes and Linux
- Tetragon: eBPF-based security observability (noted as alternative)

Endpoint Forensics & IR:
- Velociraptor: remote forensic artefact collection and hunting across
  thousands of endpoints via VQL

Threat Intelligence:
- OpenCTI: structured threat actor/TTP/IOC correlation from Filigran

Deception:
- OpenCanary: lightweight honeypot for early network reconnaissance warning

Code & Secrets Security:
- GitLeaks: scans repositories for hardcoded secrets
- Semgrep: lightweight static analysis with full data sovereignty

Email Security Testing:
- GoPhish: open-source phishing simulation and user training

Certificate Monitoring:
- CertStream + crt.sh: real-time and historical certificate transparency
  monitoring for subdomain discovery

Updated: Complete Capability Matrix, Per-Module Tool Pairing (Module 9
and 10 now include extended tools), Deployment Complexity table, and
Integration With Existing Frameworks cross-references.

2026-05-09 17:13:41 +02:00

Tomas Kracmar

2b969af2a8

feat: Add sovereign tool stack and integrate ASTRAL/AOC across playbooks

New document: Sovereign Tool Stack — complete capability map for our
open-source consulting arsenal.

Documents updated:
- sovereign-tool-stack.md (new): Maps Prowler, BloodHound, CISO Assistant,
  Purple Knight/Forest Druid, ASTRAL, and AOC to engagement modules and
  antifragile pillars. Identifies 6 gaps with recommended closes:
  Wazuh+Sysmon (EDR), Shuffle (SOAR), TheHive+Cortex (case management),
  Cartography (cloud asset mapping), Syft+Grype+Trivy (containers),
  Zeek+Suricata (network analysis). Includes per-module tool pairing,
  deployment complexity matrix, and integration architecture.
- m365-e3-hardening.md: Added ASTRAL 'configuration immunity' section
  and AOC audit log integration references
- endpoint-management-entry-vector.md: Added ASTRAL for Intune
  configuration backup and drift detection
- modular-engagements.md: Added ASTRAL and AOC to Module 1/2/3
  deliverables; linked sovereign tool stack
- retained-capability.md: Added AOC and Wazuh to detection engineering
  description
- ai-assisted-tvm.md: Added AOC and Prowler to discovery layer table
- blue-purple-team-foundation.md: Added sovereign tool stack reference
  for open-source SOC architecture
- zero-budget-hardening.md: Linked sovereign tool stack
- README.md + index.md: Added sovereign-tool-stack.md to navigation

2026-05-09 17:05:18 +02:00

2 Commits