NSA Cybersecurity Directorate

Repositories

• Hardware-and-Firmware-Security-Guidance

  Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

  audit vulnerability cve nessus spectre guidance meltdown
  C 108 446 2 0 Updated Jul 19, 2021

• Chinese-State-Sponsored-Cyber-Operations-Observed-TTPs

  Supporting files for the Chinese State-Sponsored Cyber Operations: Observed TTPs Cybersecurity Advisory. #nsacyber

  tactics procedures techniques mitre-attack mitre-attack-navigator
  0 2 0 0 Updated Jul 19, 2021

• HIRS

  Trusted Computing based services supporting TPM provisioning and supply chain validation concepts. #nsacyber

  validation supply-chain provisioning integrity trusted-platform-module trusted-computing
  Java 42 99 6 2 Updated Jul 16, 2021

• BAM

  The Binary Analysis Metadata tool gathers information about Windows binaries to aid in their analysis. #nsacyber

  metadata binary binary-analysis
  Python 21 104 8 0 Updated Jul 9, 2021

• Mitigating-Web-Shells

  Guidance for mitigation web shells. #nsacyber

  guidance webshell mitigation webshells
  YARA 161 748 2 1 Updated Jul 7, 2021

• WALKOFF

  A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber

  python security workflow devops automation framework administration
  Python 211 906 34 (5 issues need help) 14 Updated Jun 30, 2021

• paccor

  The Platform Attribute Certificate Creator can gather component details, create, sign, and validate the TCG-defined Platform Credential. #nsacyber

  certificate certificates credential trusted-computing
  Java Apache-2.0 12 35 1 1 Updated Jun 16, 2021

• PRUNE

  Logs key Windows process performance metrics. #nsacyber

  windows performance process performance-metrics etw
  C# 14 45 0 0 Updated May 3, 2021

• nsacyber.github.io

  NSA Cybersecurity. Formerly known as NSA Information Assurance and the Information Assurance Directorate

  github-pages
  PowerShell 56 204 1 0 Updated Mar 16, 2021

• HTTP-Connectivity-Tester

  Aids in discovering HTTP and HTTPS connectivity issues. #nsacyber

  testing http test https connection connectivity diagnostics
  PowerShell 30 73 6 0 Updated Feb 19, 2021

• Mitigating-Obsolete-TLS

  Guidance for mitigating obsolete Transport Layer Security configurations. #nsacyber

  tls ssl guidance mitigations snort-rules
  PowerShell 33 215 2 0 Updated Feb 3, 2021

• Event-Forwarding-Guidance

  Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber

  windows event-log siem
  PowerShell 147 641 5 4 Updated Nov 17, 2020

• unfetter Archived

  Identifies defensive gaps in security posture by leveraging Mitre's ATT&CK framework. #nsacyber

  unfetter
  44 155 11 2 Updated May 11, 2020

• GRASSMARLIN Archived

  Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber

  visualization monitor networking monitoring analysis network ics
  Java 253 647 23 0 Updated Feb 24, 2020

• AppLocker-Guidance Archived

  Configuration guidance for implementing application whitelisting with AppLocker. #nsacyber

  windows applocker whitelisting application-whitelisting microsoft-applocker
  PowerShell 61 175 3 0 Updated Dec 17, 2019

• simon-speck Archived

  The SIMON and SPECK families of lightweight block ciphers. #nsacyber

  cryptography crypto cipher ciphers cryptography-library crypto-library simon
  37 150 0 0 Updated Nov 12, 2019

• Blocking-Outdated-Web-Technologies

  Guidance for blocking outdated web technologies. #nsacyber

  web guidance
  PowerShell 12 35 0 0 Updated Oct 30, 2019

• BitLocker-Guidance Archived

  Configuration guidance for implementing BitLocker. #nsacyber

  microsoft windows encryption audit nessus guidance bitlocker
  HTML 31 79 0 0 Updated Jul 24, 2019

• RandPassGenerator Archived

  A command-line utility for generating random passwords, passphrases, and raw keys. #nsacyber

  password-generator password
  Java 17 36 0 0 Updated Jun 5, 2019

• WALKOFF-Apps Archived

  WALKOFF-enabled applications. #nsacyber

  python iot security automation administration integration analytics
  YARA 42 128 4 1 Updated Mar 14, 2019

• Windows-Event-Log-Messages

  Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber

  windows event-log
  C# 94 359 17 0 Updated Mar 7, 2019

• CodeGov Archived

  Creates a code.gov code inventory JSON file based on GitHub repository information. #nsacyber

  government json gov powershell-module
  PowerShell 14 16 0 0 Updated Jan 17, 2019

• Cyber-Challenge Archived

  Supporting files for cyber challenge exercises. #nsacyber

  challenge cybersecurity cyber
  Jupyter Notebook 14 30 0 0 Updated Oct 5, 2018

• Windows-Secure-Host-Baseline Archived

  Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

  windows auditing certificates chrome-browser audit windows-10 windows-server
  HTML 262 1,307 13 0 Updated Sep 12, 2018

• Detect-CVE-2017-15361-TPM Archived

  Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

  rsa audit vulnerability cve nessus tpm trusted-platform-module
  PowerShell 22 34 1 0 Updated Sep 4, 2018

• simon-speck-supercop Archived

  Fast implementations of the SIMON and SPECK lightweight block ciphers for the SUPERCOP benchmark toolkit. #nsacyber

  cryptography crypto cipher ciphers cryptography-library crypto-library simon
  C 16 36 0 0 Updated Jun 13, 2018

• Driver-Collider Archived

  Blocks drivers from loading by using a name collision technique. #nsacyber

  windows driver
  C 18 39 0 0 Updated Dec 18, 2017

• serial2pcap Archived

  Converts serial IP data, typically collected from Industrial Control System devices, to the more commonly used Packet Capture (PCAP) format. #nsacyber

  converter pcap convert conversion control-systems scada ics-scada
  Python 31 42 0 0 Updated Oct 25, 2017

• goSecure Archived

  An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi. #nsacyber

  linux raspberry-pi vpn strongswan
  Python 177 936 3 (1 issue needs help) 3 Updated Jun 27, 2017

• AtomicWatch Archived

  Intel Atom C2000 series discovery tool that parses log files and returns results if a positive match is found. #nsacyber

  atom cpu processor intel
  Python 20 27 0 0 Updated Jun 9, 2017