Xploitshield Technologies

03/06/2026

Deciduous: Visualizing Attacker Logic with Security Decision Trees

Deciduous is an open-source web application that helps security and engineering teams build decision trees to model attacks, failures, mitigations, and system behavior. Instead of relying on undocumented assumptions, teams can create structured models that explain how a threat or failure may unfold and what controls exist to stop or redirect it.
The platform is especially valuable for threat modeling, security architecture reviews, resilience engineering, and chaos experimentation. By documenting assumptions in a visual and structured format, organizations can better understand attack paths, identify missing controls, and validate whether existing defenses work as expected.
In our latest blog, we cover everything from the fundamentals of security decision trees and attack modeling to advanced use cases involving cloud security, authentication bypass scenarios, Kubernetes compromise chains, and Security Chaos Engineering workflows. We also explore how Deciduous can be used beyond cybersecurity to model infrastructure failures and reliability scenarios.
As systems become increasingly complex, tools like Deciduous help teams transform assumptions into testable models and improve both security and resilience.
📖 Read here: [https://hackersmail.com/blog/deciduous-visualizing-attacker-logic-with-security-decision-trees]

💻 GitHub: https://github.com/rpetrich/deciduous

App that simplifies building decision trees to model adverse scenarios - rpetrich/deciduous

03/06/2026

Threagile: Automate Threat Models, Secure Your DevSecOps

Threagile is an open-source agile threat modeling toolkit designed to help organizations identify security risks early in the development lifecycle. Instead of relying on traditional documentation-heavy approaches, Threagile enables teams to model application architectures using simple YAML files and automatically evaluate them against security risk rules.

By treating threat models as code, development and security teams can keep architecture documentation up to date, automate security assessments, and continuously identify potential threats as systems evolve.

The platform supports both built-in and custom risk rules, making it flexible enough for organizations with unique security requirements. This approach helps security teams move from manual reviews to repeatable and scalable threat modeling processes that fit naturally into modern DevSecOps environments.

As organizations continue adopting cloud-native and agile development practices, tools like Threagile are helping bridge the gap between security architecture and software delivery.

📖 Read here: [https://hackersmail.com/blog/threagile-automate-threat-models-secure-your-devsecops]

💻 GitHub: https://github.com/Threagile/threagile

Agile Threat Modeling Toolkit. Contribute to Threagile/threagile development by creating an account on GitHub.

02/06/2026

🚀 Tool Spotlight: Matano

Matano is an open-source security data lake built for organizations that need to analyze large volumes of security data for threat hunting, detection, incident response, and cybersecurity analytics. Designed to run on AWS, it enables security teams to collect, process, and investigate security telemetry at petabyte scale.

Unlike traditional approaches that often become costly as log volumes grow, Matano leverages cloud-native technologies to provide scalable storage and analytics while maintaining operational flexibility. This allows security teams to focus more on finding threats and less on managing infrastructure.

Whether you're building a modern SOC, developing detection rules, performing forensic investigations, or conducting proactive threat hunting, Matano provides a powerful foundation for large-scale security operations.

As security data continues to grow exponentially, tools like Matano are helping organizations rethink how they approach security analytics in cloud environments.

📖 Read here: [https://aisecurityhub.ai/hadrian-openhack-checkpointed-agentic-whitebox-security-review-with-human-in-the-loop-control/]

💻 GitHub:
https://github.com/matanolabs/matano

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS - matanolabs/matano

02/06/2026

🚀 Tool Spotlight: Hadrian OpenHack

Hadrian OpenHack is an open-source framework that brings AI-assisted vulnerability research into a structured and repeatable workflow. Designed around the methodology used by the Hadrian research team, the framework combines multiple specialized agents that work together to discover, investigate, validate, and triage potential security findings.

The process starts with reconnaissance to identify attack surfaces and areas of interest. These observations are then converted into focused research scenarios, which are investigated by expert agents. Verified findings are independently reviewed before becoming final security reports, helping reduce noise and improve confidence in the results.

What makes OpenHack particularly interesting is its emphasis on maintaining durable state and review artifacts throughout the entire research process. Reconnaissance data, findings, logs, decisions, and triage results are preserved, making the workflow transparent, auditable, and repeatable.

As AI continues to reshape cybersecurity workflows, projects like OpenHack provide valuable insights into how human expertise and intelligent automation can work together to improve vulnerability discovery.

📖 Read here: [https://aisecurityhub.ai/hadrian-openhack-checkpointed-agentic-whitebox-security-review-with-human-in-the-loop-control/]

💻 GitHub:
https://github.com/hadriansecurity/openhack

Contribute to hadriansecurity/OpenHack development by creating an account on GitHub.

29/05/2026

🚀 Tool Spotlight: Kaitai Struct

Kaitai Struct is a powerful open-source framework used for describing and parsing binary data structures. It allows developers and researchers to define binary file formats or network protocols once using a simple declarative language and automatically generate parser code for multiple programming languages.

This makes binary analysis, reverse engineering, malware analysis, firmware research, and digital forensics much more efficient compared to manually writing parsers from scratch.

Kaitai Struct supports multiple programming languages including Python, Java, C++, JavaScript, Go, and Rust, making it highly flexible for developers and cybersecurity professionals working across different environments.

The project is especially useful when dealing with proprietary file formats, network packet structures, embedded systems, and low-level data analysis workflows.

Explore the project:
https://github.com/kaitai-io/kaitai_struct

Read here : [https://hackersmail.com/blog/kaitai-struct-decode-any-binary-format-fast]

Kaitai Struct: declarative language to generate binary data parsers in C++ / C # / Go / Java / JavaScript / Lua / Nim / Perl / PHP / Python / Ruby / Rust - kaitai-io/kaitai_struct

29/05/2026

🚀 Tool Spotlight: Rizin

Rizin is a powerful open-source reverse engineering framework built for binary analysis, debugging, code disassembly, and digital forensics. The project was born as a fork of radare2 with a vision of improving usability, maintaining cleaner architecture, and delivering a better experience for reverse engineers and cybersecurity professionals.

The framework can analyze binaries, inspect low-level code, debug applications, edit hexadecimal data, and automate workflows through scripting. Its portability and support for multiple architectures make it highly useful for malware analysts, CTF players, firmware researchers, and security professionals working in low-level environments.

Rizin continues to grow as a modern alternative in the reverse engineering ecosystem and is becoming an important tool for many researchers and developers in cybersecurity.

Explore the project:
https://github.com/rizinorg/rizin

Read here : [https://hackersmail.com/blog/rizin-open-source-unix-like-reverse-engineering-framework-and-command-line-toolset]

UNIX-like reverse engineering framework and command-line toolset. - rizinorg/rizin

28/05/2026

PhishDetect is an excellent open-source project designed to crack down on these advanced scams. Written in Go, it can read a raw web page's code directly, or it can automatically open the link inside a safe, isolated Google Chrome browser running in a Docker container. By watching how the web page behaves in real-time, it uncovers hidden traps before they reach real users. What we cover in this deep-dive guide:
✅ Static vs. Dynamic Analysis: How to switch between scanning raw HTML strings and spinning up automated browser instances.
✅ Adding Your Own YARA Rules: A clear walkthrough on feeding custom threat signatures into the engine to instantly spot known clone sites.
✅ Brand Protection Mapping: Using simple YAML configuration files to train the platform to defend specific corporate brand assets.
✅ Go Library Implementation: Code snippets showing how to easily drop the phishdetect package into your own custom security tools. Upgrade your defensive toolkit and safely analyze deceptive web links without putting your hardware at risk! 🛡️✨
Read more: [https://hackersmail.com/blog/phishing-detected-stop-attacks-with-ast-docker]

28/05/2026

Mailoney is a brilliant, open-source SMTP honeypot that tricks these bots by acting exactly like an open mail server. Instead of letting attacks hit your real systems, Mailoney catches them in an isolated environment and logs their every move. The brand new version (2.1.0) has been completely rebuilt from scratch, making it incredibly easy to configure and connect to modern databases.

What we cover in this practical setup guide:
✅ Real-Time Attacker Traps: How Mailoney simulates port 25 exchanges to capture username/password harvesting attempts.
✅ Structured Threat Logging: Setting up PostgreSQL or MySQL to neatly catalog connection metadata and attacker tactics.
✅ Safe Payload Quarantine: Configuring the tool to safely isolate email bodies as .eml files without risking your host machine's security.
✅ Docker Deployment Steps: How to spin up the whole framework in under two minutes using a single container command.

Turn random background scans into structured threat intelligence for your defensive team! 🛡️✨

Read more: [https://hackersmail.com/blog/smtp-honeypot-unmask-7-cyber-threats-now]

27/05/2026

Passbolt is a brilliant, completely open-source password manager built from the ground up for safe, secure team collaboration! Operating out of the EU (Luxembourg), its strict privacy framework means your passwords are encrypted on your local computer before they ever reach the server. What we break down in this comprehensive masterclass:
✅ True User-Owned Keys: See how individual OpenPGP keys keep passwords safe on user devices, meaning even a server break-in won't expose your team data.
✅ Granular Sharing Rules: Learn how to grant precise Read, Update, or Owner privileges to specific individuals or departments effortlessly.
✅ Sandbox Defense: A look at how its mandatory browser extension creates an isolated wall that stops sneaky hackers from pulling out your credentials.
✅ 3 Seamless Installation Methods: Simple, step-by-step blueprints to spin up your server via Docker, local Linux command line interfaces, or secure cloud setups. Take ownership of your company’s internal credentials and protect your data with transparent security! 🛡️✨

Read more: [https://hackersmail.com/blog/passbolt-secure-shared-credentials-for-teams-now]

27/05/2026

Doppler is a powerful SecretOps platform built to completely eliminate secret sprawl. Instead of forcing developers to juggle dozens of separate .env files, Doppler provides a clean, unified dashboard where your entire team can securely store, version, and manage every single application key in one safe place.

What we cover in this practical overview:
✅ Real-Time Environment Syncing: See how updating a parameter in your Doppler dashboard instantly pushes changes out to all connected cloud platforms automatically.
✅ Safe In-Memory Injection: Learn how the Doppler CLI passes configurations straight into your application process, meaning secrets are never stored exposed on your local hard drive.
✅ Smart Variable Inheritance: Set up master keys that pass down to staging and dev environments automatically, saving time and avoiding typos.
✅ Full Activity Auditing: Keep a precise history of every single change made to your app variables, with full rollback protection if an incorrect entry breaks a build.

Take control of your application credentials and make your multi-cloud security airtight! 🛡️✨

Read more: [https://aisecurityhub.ai/doppler-multi-cloud-secretops-platform-for-developer-first-secrets-management-at-enterprise-scale/]