KoreLogic provides public tools to help the information security community.


KoreLogic has published a number of open-source projects. Most are hosted on GitHub, and have a project-specific PGP key for release signing. Some are no longer being actively developed.

| Project | Synopsis | Key |
|---|---|---|
| FTimes | A forensic system baselining, searching, and evidence collection tool. Its primary purpose is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to integrity monitoring, intrusion detection, and forensic analysis. | ftimes-code |
| Giles | A compiler that creates event correlation engines (production systems) represented as a SQL-based Relational Database Management System (RDBMS). | giles-project |
| KLEL | A simple expression language implemented as a library that can be embedded in other programs (e.g., FTimes). | libklel-code |
| MASTIFF | A static analysis framework that automates the process of extracting key characteristics from a number of different file formats and supports malware, intrusion, and forensic analysis. | mastiff-project |
| PathWell | A library and PAM module for measuring and dynamically enforcing password complexity across enterprise users, focusing on the uniqueness of each user password's topology. | pathwell-project |
| WebJob | A secure automation framework that can be used to support arbitrary tasks on both UNIX and Windows clients, supporting encrypted and signed jobs and responses, large scale multi-tier deployments, etc. | |
| WMkick | A MITM tool for WMI (135/tcp) and WSMan/WinRM (5985/tcp), used to capture NetNTLMv2 hashes in a Windows network. | |