|A forensic system baselining, searching, and evidence collection tool. Its primary purpose is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to integrity monitoring, intrusion detection, and forensic analysis.
|A compiler that creates event correlation engines (production systems) represented as a SQL-based Relational Database Management System (RDBMS).
|A simple expression language implemented as a library that can be embedded in other programs (e.g., FTimes).
|A static analysis framework that automates the process of extracting key characteristics from a number of different file formats and supports malware, intrusion, and forensic analysis.
|A library and PAM module for measuring and dynamically enforcing password complexity across enterprise users, focusing on the uniqueness of each user password's topology.
|A secure automation framework that can be used support arbitrary tasks on both UNIX and Windows clients, supporting encrypted and signed jobs and responses, large scale multi-tier deployments, etc.
|A MITM tool for WMI (135/tcp) and WSMan/WinRM (5985/tcp), used to capture NetNTLMv2 hashes in a Windows network.