OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity monitoring, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, macOS, Solaris and Windows.
It has supported package repositories for multiple distros: https://www.ossec.net/download-ossec/
OpenEDR is a sophisticated, free, open source endpoint detection and response solution. It provides analytic detection with MITRE ATT&CK visibility for event correlation and root cause analysis of adversarial threat activity and behaviors in real time. This world-class endpoint telemetry platform is available to all cyber-security professionals, and to organizations of every size, to defend against threat actors and cyber criminals.
The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base aims to advance our collective understanding of the technical mechanisms that insider threats have used. With this knowledge, Insider Threat Programs and Security Operations Centers will detect, mitigate, and emulate insider actions on IT systems to stop insider threats. Utilizing the Knowledge Base, cyber defenders across organizations will identify insider threat activity on IT systems and limit the damage. Capturing and sharing the Design Principles and Methodology for developing the Knowledge Base is a foundational step to establishing this community resource and enabling its broad adoption and ongoing development.
GitHub: https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb
Malware persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.
This is an extract containing only the links to the tools and resources from the main article about malware persistence.
The app periodically scans your surroundings for potential tracking devices, like AirTags or other Find My devices.
The AirTags and other Find My devices are simple, small and perfect to track Android users! Without tracking warnings, as integrated on iOS, anyone could try to track your behavior by placing an AirTag in your jacket, backpack or car.
With the app you can play a sound on AirTags and find them easily. Afterward, you can view at which locations the device has tracked you. For this we use background location access. All location data never leaves your device.
If no one is trying to track you, the app will never bother you.
Amazon has registered more than 150 private-label brands with the U.S. Patent and Trademark Office and carries hundreds of thousands of items from these house brands on its site. A recent investigation by The Markup found that the online shopping behemoth often gives its own brands and exclusive products a leg up in search results over better-rated competitors. We also found Amazon is inconsistent in disclosing to shoppers that those products are Amazon-brand products or exclusives.
So we decided to add some transparency for Amazon shoppers. The Markup created a browser extension that identifies these products and makes their affiliation to Amazon clear.
A face detector (not facial identification) deep learning system based upon OpenCV and TensorFlow. It is optimized for CPU rather than GPU operation, but does have a tensorflow-gpu switch available. It can even detect faces that aren't edge-on, or that are partially obscured.
With their small size and ubiquitous use, we’ve become quite accustomed to commercial home-monitoring camera systems — so much so that they tend to fade into their settings, even when prominently placed up front and center. It’s an extension of camera-equipped-everything maneuvering us to take the constant recording of our lives for granted.
A Perl script that analyzes the OS it's running on to determine whether or not it's virtualized and, if so, which product(s) it's running inside. It uses multiple techniques (no red pills, I don't think) to gather that information.