Category: Defense

Linux Host-based Intrusion Detection System

eHIDS: Linux Host-based Intrusion Detection System based on eBPF

eHIDS: A Linux Host-based Intrusion Detection System based on eBPF. Implementations and functionalities: TCP network data capture; UDP network data capture; DNS information capture in uprobe mode; process data capture; Uprobe way to achieve...

wazuh endpoint security

wazuh v4.7 releases: Host and endpoint security

Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides the following capabilities: Log...

threat hunting framework

Crawlector v2.3 releases: threat hunting framework

Crawlector (the name Crawlector is a combination of Crawler and Detector) is a threat hunting framework designed for scanning websites for malicious objects. Note 1: The framework was first presented at the No Hat conference in Bergamo, Italy on...

CloudGraph

CloudGraph: universal GraphQL API and CSPM tool for AWS, Azure, GCP, and K8s

CloudGraph is the free open-source universal GraphQL API and Cloud Security Posture Management (CSPM) tool for AWS, Azure, GCP, and K8s. With CloudGraph you get: free and effortless compliance checks (e.g. CIS 1.2); type-safe asset inventories for all of your resources in...

spam filtering system

rspamd: Rapid spam filtering system

Rspamd is an advanced spam filtering system and email processing framework that allows the evaluation of messages by a number of rules including regular expressions, statistical analysis, and custom services such as URL...

Prevent SSRF attacks

metabadger v0.1.11 releases: Prevent SSRF attacks on AWS EC2

Metabadger: Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2). Purpose and functionality: Diagnose and evaluate your current usage of the AWS Instance Metadata...
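The diagnose-then-upgrade flow that the Metabadger blurb describes, as an added example written for this page rather than Metabadger's own code. It reads the MetadataOptions block that boto3's describe_instances() returns (the sample below is constructed, with made-up instance IDs), flags instances on which IMDSv1 still answers, and builds the modify_instance_metadata_options() arguments that enforce IMDSv2. The boto3 client is only used in apply_upgrades(); everything else runs offline.

```python
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample mirroring the shape of boto3 ec2.describe_instances():
# Reservations[].Instances[].{InstanceId, MetadataOptions}. Instance IDs are
# invented for the example.
SAMPLE_DESCRIBE_OUTPUT = {
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaa111",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                                 "HttpPutResponseHopLimit": 2}},
            {"InstanceId": "i-0bbb222",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                                 "HttpPutResponseHopLimit": 1}},
        ]},
        {"Instances": [
            {"InstanceId": "i-0ccc333",
             "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                                 "HttpPutResponseHopLimit": 1}},
        ]},
    ]
}


@dataclass(frozen=True)
class ImdsStatus:
    instance_id: str
    http_endpoint: str   # "enabled" or "disabled"
    http_tokens: str     # "optional": IMDSv1 still answers; "required": IMDSv2 only
    hop_limit: int       # PUT response hop limit; 1 keeps token replies on the host

    @property
    def imdsv1_reachable(self) -> bool:
        # A typical SSRF primitive is a single GET whose method and headers the
        # attacker does not control. IMDSv2 needs a PUT carrying
        # X-aws-ec2-metadata-token-ttl-seconds to mint a token, then that token
        # on every GET, so "required" closes the plain
        # GET http://169.254.169.254/latest/meta-data/... path.
        return self.http_endpoint == "enabled" and self.http_tokens != "required"


def evaluate_instances(describe_output: dict) -> list[ImdsStatus]:
    """Flatten describe_instances() output into per-instance IMDS posture."""
    statuses: list[ImdsStatus] = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            statuses.append(ImdsStatus(
                instance_id=inst["InstanceId"],
                http_endpoint=opts.get("HttpEndpoint", "enabled"),
                http_tokens=opts.get("HttpTokens", "optional"),
                hop_limit=int(opts.get("HttpPutResponseHopLimit", 1)),
            ))
    return statuses


def instances_needing_upgrade(statuses: list[ImdsStatus]) -> list[str]:
    """Instance IDs on which an SSRF GET would still reach IMDSv1."""
    return [s.instance_id for s in statuses if s.imdsv1_reachable]


def build_upgrade_request(instance_id: str, hop_limit: int | None = None) -> dict:
    """Keyword arguments for ec2.modify_instance_metadata_options() enforcing IMDSv2."""
    req = {"InstanceId": instance_id, "HttpTokens": "required", "HttpEndpoint": "enabled"}
    if hop_limit is not None:
        # Hop limit 1 means a token response cannot be forwarded out of the
        # instance (e.g. to a container on a bridged network).
        req["HttpPutResponseHopLimit"] = hop_limit
    return req


def apply_upgrades(ec2_client, instance_ids: list[str]) -> list[dict]:
    """Push the enforcement change through a boto3 EC2 client; returns what was sent."""
    sent = []
    for iid in instance_ids:
        req = build_upgrade_request(iid, hop_limit=1)
        ec2_client.modify_instance_metadata_options(**req)
        sent.append(req)
    return sent


if __name__ == "__main__":
    exposed = instances_needing_upgrade(evaluate_instances(SAMPLE_DESCRIBE_OUTPUT))
    print("IMDSv1 reachable on:", exposed)
    # Live use, assuming AWS credentials and a region in the environment:
    # import boto3
    # ec2 = boto3.client("ec2")
    # apply_upgrades(ec2, instances_needing_upgrade(evaluate_instances(ec2.describe_instances())))
```

Run the evaluation step on its own first; only hand the resulting ID list to apply_upgrades() once you have confirmed that nothing on those hosts still depends on IMDSv1 (old SDKs and some agents break when HttpTokens becomes required).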

Swift-Attack

Swift-Attack: detect common macOS post-exploitation methods

Swift-Attack: Unit tests for blue teams to aid with building detections for some common macOS post-exploitation methods. I have included some post-exploitation examples using both command line history and on-disk binaries (which should be...

Windows OS Hardening

Windows OS Hardening with PowerShell DSC

posh-dsc-windowsserver-hardening: This repository contains PowerShell DSC code for the secure configuration of Windows Server according to the following hardening guidelines: CIS Microsoft Windows Server 2019 Release 1809 benchmark v1.1.0; CIS Microsoft Windows Server 2016...
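What a DSC configuration of this kind looks like, as an added example that is not taken from the posh-dsc-windowsserver-hardening repository. It uses the built-in Registry resource from PSDesiredStateConfiguration to enforce one CIS-style interactive-logon setting (hide the last signed-in user name) and then compiles, applies and verifies it. The configuration name and output path are assumptions chosen for the example.

```powershell
# Added example: one CIS-style hardening item expressed as PowerShell DSC.
Configuration CisInteractiveLogon {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost' {
        # "Interactive logon: Do not display last user name" = Enabled.
        # Stops the lock screen/logon UI leaking valid account names.
        Registry DontDisplayLastUserName {
            Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
            ValueName = 'DontDisplayLastUserName'
            ValueType = 'Dword'
            ValueData = '1'
            Ensure    = 'Present'
        }
    }
}

# Compile the configuration into a MOF (path is an assumption for the example).
CisInteractiveLogon -OutputPath 'C:\DSC\CisInteractiveLogon'

# Apply it and wait for the Local Configuration Manager to finish.
Start-DscConfiguration -Path 'C:\DSC\CisInteractiveLogon' -Wait -Verbose -Force

# Verify: InDesiredState is $false for any resource that has drifted.
Test-DscConfiguration -Path 'C:\DSC\CisInteractiveLogon' -Detailed |
    Select-Object -ExpandProperty ResourcesNotInDesiredState
```

Test-DscConfiguration is the useful half for a defender: run it on a schedule and drift from the benchmark (a GPO change, a manual registry edit) shows up as a resource that is no longer in the desired state, independently of whether you let the LCM auto-correct it.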