Open source tools offer software that–in addition to being free–has had its code reviewed by numerous users. This means that most of the time (squints at Log4Shell) problems with the code are identified and resolved. Plus, they often offer appealing features since users can post requests for them.
We broke down our favorite tools into the following categories: Basic Security, Testing Attacks / Detections, and OSINT.
Basic security needs
A good password manager helps keep your environment secure–and Bitwarden offers encrypted cloud storage as well as on-prem hosting. Their Android apps and browser extensions work well together and provide users with seamless sharing and a user-friendly interface.
Using uBlock helps protect you from a lot of the nonsense on the internet, blocking ads and other unwanted content, including malware and phishing attempts. It does a great job of removing ads from YouTube!
For testing attacks and detections
Splunk’s Attack Range project lets you build a Splunk testing environment in AWS to run attacks and test detections. Attack Range includes Windows and Linux hosts with logging configured and forwarding to Splunk.
Atomic Red Team, which is available in Splunk Attack Range, is a collection of modular scripts that execute common attacker behavior, allowing you to simulate common attacks on a network. You can then run a Splunk search and see if it detected any of these behaviors.
For OSINT and research tools
Machinae is the most used tool at HL for gathering basic information about IOCs such as file hashes, URLs, IPs, and emails. After it runs, Machinae generates a list of all the OSINT data it gathered from its sources.
Similar to our Machinae tool is SpiderFoot. It offers many features and many sites from which information can be queried. The tool also offers a web GUI for easy use and access to data. There is a paid version of the tool, but the open source one still allows for gathering of information, and does a good job of it.
CyberChef, which has a Splunk add-on, is an application for encrypting and decrypting data and converting it between many encoding methods, built in a simple way so that both technical and non-technical users can use it. And it has a very user-friendly GUI, too.
There are several applications and browser extensions available on privacytools.io that are useful for helping you manage your privacy and security. One tool available here that we particularly like is the encrypted notepad, Standard Notes.
These tools will help make a strong security stance more accessible to you. Just don't forget: when setting up open source tools, always change any default passwords!