| | kali-purple | Malcolm |
|---|---|---|
| | 18 | 4 |
| Stars | - | 1,760 |
| Growth | - | 2.4% |
| Activity | - | 9.9 |
| | - | 10 days ago |
| | Python | |
| | - | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kali-purple
- Kali linux switch to Purple
- FLiPN-FLaNK Stack Weekly for 20 March 2023
- Kali Linux 2023.1 introduces 'Purple' distro for defensive security
  https://gitlab.com/kalilinux/kali-purple/documentation/-/raw...
- Hi, I'm g0tm1lk, lead developer for Kali Linux, alongside some Kali team members. We are doing an AMA on r/offensive_security at 12 - 2 pm EDT. Ask us Anything!
  https://www.kali.org/docs/community/contribute/ https://gitlab.com/kalilinux/kali-purple
- Kali Purple: Kali Linux 2023.1 release
Malcolm
- Kali Linux 2023.1 introduces 'Purple' distro for defensive security
  The heavy lifting of this is CISA's Malcolm [1]. Unfortunately the blog post only provides a non-linked bullet to it [2]. Seth Grover, the main driver behind Malcolm, put a lot of effort over the years into creating a turnkey SOC-in-a-box distro that works especially well for a network-first approach. Endpoint isn't neglected, but the focus on Zeek, Suricata, Arkime shows the primary visibility drivers. This is not surprising, because CISA also developed a bunch of custom ICS protocol dissectors that provide visibility (DNP3, Modbus, etc.). The list is impressive [3]. All of this is turnkey available by running Malcolm. Especially for OT, where we have a lot more unmanaged black boxes and networks that you don't wanna actively scan (factories have been brought down this way), passively watching is a safe and powerful approach.
  It's a bit unfortunate that Kali didn't give the props to Seth's project (not even an outbound link). Perhaps this was just an oversight, or a spotlight blog post is coming later, but I hope that the history of this gets properly acknowledged, because it's darn clear where this comes from.
  [1]: https://github.com/cisagov/Malcolm
  [2]: https://www.kali.org/blog/kali-linux-2023-1-release/
  [3]: https://cisagov.github.io/Malcolm/docs/protocols.html
- Tool recommendation needed: Network analyzer
  Now on the higher end level, I have a laptop I used for packet capture and sniffing. Using a small network tap device, I can hook this inline anywhere one suspects a potential issue. Then use software of your choice to capture and analyze data over a few days. Two I use for this purpose, along with cyber threat analysis, are NTOPNG and Malcolm, a very powerful free open-source platform made by a brilliant guy at CISA. Link to git repo here. https://github.com/cisagov/Malcolm
- Malcolm: A network traffic analysis tool suite for full packet capture artifacts
What are some alternatives?
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
DetectXDiscord - This Discord bot is designed to provide file scanning functionality using the VirusTotal API to check for viruses and other malware in attachments uploaded to a Discord channel.
HELK - The Hunting ELK
Preferred-Network-List-Sniffer - A reconnaissance tool for capturing and displaying SSIDs from device's Preferred Network List.
scrollbar - Simple online scrollbar editor
scrcpy - Display and control your Android device
flank-airquality - Spring - Kafka - FLaNK Stack Air Quality
CloudDemo2023 - 2023 Demos
llama.cpp - LLM inference in C/C++
FLiPStackWeekly - FLaNK AI Weekly covering Apache NiFi, Apache Flink, Apache Kafka, Apache Spark, Apache Iceberg, Apache Ozone, Apache Pulsar, and more...
ttyd - Share your terminal over the web
datagen - Generate authentic looking mock data based on a SQL, JSON or Avro schema and produce to Kafka in JSON or Avro format.