Open Source @ NSA

Build Python 3 applications that integrate with Apache Accumulo

Apache Accumulo

Automates the flow of data between systems. NiFi implements concepts of Flow-Based Programming and solves common data flow problems faced by enterprises.

Configuration guidance for implementing application whitelisting with AppLocker. #nsacyber

Intel Atom C2000 series discovery tool that parses log files and returns results if a positive match is found. #nsacyber

The Binary Analysis Metadata tool gathers information about Windows binaries to aid in their analysis. #nsacyber

The beer-garden application

Configuration guidance for implementing BitLocker. #nsacyber

Guidance for blocking outdated web technologies. #nsacyber

SkillTree

Identifies unexpected and prohibited certificate authority certificates on Windows systems. #nsacyber

Supporting files for the Chinese State-Sponsored Cyber Operations: Observed TTPs Cybersecurity Advisory. #nsacyber

Creates a code.gov code inventory JSON file based on GitHub repository information. #nsacyber

A proposed hardware-based method for stopping known memory corruption exploitation techniques. #nsacyber

Supporting files for cyber challenge exercises. #nsacyber

DataWave is an ingest/query framework that leverages Apache Accumulo to provide fast, secure data access.

The Dictionary service provides access to the data dictionary and edge dictionary. These services provide metadata about fields that are stored in Accumulo.

This project leverages Ansible to automate DataWave deployments on your cluster

Digest, stat, and copy files from one location to another in the same read pass

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

The Decision Maximizer 3000 optimization project

Blocks drivers from loading by using a name collision technique. #nsacyber

Distributed P2P Data-driven Workflow Framework

An educational demonstration of breaking the Enigma machine

Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber

Sequence Indexing and Search

Simulate realistic trajectory data seen through sporadic reporting

Ghidra is a software reverse engineering (SRE) framework

Supporting Data Archives for Ghidra

An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi. #nsacyber

Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Trusted Computing based services supporting TPM provisioning and supply chain validation concepts. #nsacyber

Aids in discovering HTTP and HTTPS connectivity issues. #nsacyber

Log-based transactional graph engine

Data-driven automation platform

A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber

Create root and intermediate Certificate Authorities, issue user and server certificates, etc. for testing purposes.

Assesses CPU security of embedded devices. #nsacyber

Guidance for mitigating obsolete Transport Layer Security configurations. #nsacyber

Guidance for mitigation web shells. #nsacyber

nbgallery is a user-friendly Jupyter notebook sharing and collaboration platform.

A kernel network manager with monitoring and limiting capabilities for macOS. #nsacyber

A userland network manager with monitoring and limiting capabilities for macOS. #nsacyber

Radically simplifies the operation of enterprise networks with SDN applications that reside on top of an OpenFlow-capable network controller.

Software Development Kit to enable remotely retrieval and verify target platforms integrity

OZONE Widget Framework

The Platform Attribute Certificate Creator can gather component details, create, sign, and validate the TCG-defined Platform Credential. #nsacyber

Proactively-secure Accumulo with Cryptographic Enforcement (PACE) adds client-side encryption and signatures to Accumulo.

Configuration guidance for implementing Pass-the-Hash mitigations. #nsacyber

Logs key Windows process performance metrics. #nsacyber

Provides bulk nominatim geocoding for QGIS

QGIS D3 Date and Time Heatmap

QGIS conversion tools to display the local date, time, time zone, convert between UNIX time (Epoch), Julian dates, ISO8601, calculate the difference between two dates, select a location and time zone by clicking on the map and display the closet location and sun statistics.

Fast KML Import and Export Plugin for QGIS

QGIS tools to capture and zoom to coordinates using decimal, DMS, WKT, GeoJSON, MGRS, UTM, UPS, GEOREF, and Plus Codes notation. Provides external map support, MGRS & Plus Codes conversion and point digitizing tools.

QGIS Lock Zoom to Tile Scale

QGIS Tools to capture and zoom to MGRS coordinates.

Enhanced textual vector layer searching in QGIS.

Shape Tools creates geodesic shapes and includes a number of geodesic tools for QGIS including the XY to Line tool, geodesic densify tool, geodesic line break, geodesic measure tool, geodesic measurement layer, geodesic scale, rotate and translate tool, and digitize points at an azimuth & distance tools.

A WebSocket library for use with Apache Accumulo

A command-line utility for generating random passwords, passphrases, and raw keys. #nsacyber

A software-defined radio (SDR) framework designed to support the development, deployment, and management of real-time software radio applications.

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

Confines privileged processes based on security policies by enforcing mandatory access control over all Android processes. SE for Android has been part of Android since Android 4.3.

A mandatory access control mechanism in the Linux kernel that checks for allowed operations after standard discretionary access controls are checked. It can enforce rules on files and processes in a Linux system, and on the actions they perform, based on defined policies. SELinux has been part of the Linux kernel since version 2.6.0.

Converts serial IP data, typically collected from Industrial Control System devices, to the more commonly used Packet Capture (PCAP) format. #nsacyber

The SIMON and SPECK families of lightweight block ciphers. #nsacyber

Fast implementations of the SIMON and SPECK lightweight block ciphers for the SUPERCOP benchmark toolkit. #nsacyber

A system automation and configuration management stack targeted toward operational flexibility and policy compliance.

SkillTree client libraries facilitating the rapid integration of a gamified tool training approach in conjunction with skills-service. Provides out of the box support for Angular, React, Vue.js, and native Javascript.

SkillTree skills-client-examples

SkillTree documentation, covering client integration, dashboard administration and deployment, and contribution guidelines.

SkillTree is a micro-learning gamification platform supporting the rapid integration of a gamified tool training approach into new and existing applications.

SkillTree

Automatically scores how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber

Accumulo backed time series database

The main project for the Unfetter-Discover application. This is the project that will hold the configuration files, the docker-compose files, issue tracking, and documentation

A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber

WALKOFF-enabled applications. #nsacyber

WaterSlide is a streaming event-at-a-time architecture for processing metadata. It is designed to take in a set of streaming events from multiple sources, process them through a set of modules ("kids"), and return meaningful outputs.

Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

A library for building efficient set-membership filters and dictionaries based on the Satisfiability problem.