Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

Open source ARM Cortex-M microcontroller library

Optimized C library for EC operations on curve secp256k1

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months …

Run compilers interactively from your web browser and interact with the assembly

Guidelines for low-level cryptography software

Constant-Time Toolkit

Flexible and Constant Time Programming Language

The SAILR paper's evaluation pipline for measuring the quality of decompilation

Language for high-assurance and high-speed cryptography

Verifying constant-time code with symbolic execution

Clang/LLVM patches to zero stack/registers of sensitive functions

Constant-time choose between two variables in Clang/LLVM

Ghidra is a software reverse engineering (SRE) framework

Container runtimes on macOS (and Linux) with minimal setup

A new (MLIR based) high-level IR for clang.

Map visualization and firewall for AWS activity, inspired by Little Snitch for macOS.

App that simplifies building decision trees to model adverse scenarios

Patchestry is a binary patching framework built with MLIR and Ghidra.

Community curated list of templates for the nuclei engine to find security vulnerabilities.

AWS MCP Servers — helping you get the most out of AWS, wherever you use MCP.

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

jxscout superpowers JavaScript analysis for security researchers

FrogPost: postMessage Security Testing Tool