RedELK
BSD-3-Clause · Offensive Ops · Python
RedELK is an open-source red team SIEM (Security Information and Event Management) system built on the Elastic Stack that provides operational security monitoring and campaign tracking for long-running red team engagements. It aggregates logs from Cobalt Strike, redirectors, phishing infrastructure, and other C2 frameworks into Elasticsearch, with Kibana dashboards that visualize blue team detection activity and operator actions. Red team leads and operators use RedELK to monitor whether their infrastructure has been detected, track which payloads and techniques are triggering alerts, and maintain situational awareness across complex multi-operator campaigns. The tool automatically correlates blue team indicators like sandbox detonations and known-bad IP lookups with red team activity, enabling operators to adapt their tradecraft in real time.
Details
- Category: Offensive Ops
- Language: Python
- Repository: outflanknl/RedELK
- License: BSD-3-Clause
- Platforms: Linux
More in Offensive Ops
- Mythic (Go): Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.
- Havoc (C/C++): Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.
- Rubeus (C#): C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.
- Certipy (Python): Active Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.
- Coercer (Python): Automatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.
- SharpHound (C#): Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.