Category: Defense

SSH3

SSH3: faster and rich secure shell using HTTP/3

SSH3: faster and rich secure shell using HTTP/3 SSH3 is a complete revisit of the SSH protocol, mapping its semantics on top of the HTTP mechanisms. In a nutshell, SSH3 uses QUIC+TLS1.3 for secure channel establishment...

Linux Threat Hunting

kunai v0.2 releases: Threat hunting tool for Linux

kunai The goal behind this project is to bring relevant events to achieve various monitoring tasks ranging from security monitoring to Threat Hunting on Linux-based systems. If you are familiar with Sysmon on Windows,...

blue team tool

FalconHound v1.3 releases: blue team multi-tool

FalconHound FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with an SIEM...

Rootkit Detection

ved-ebpf: Kernel Exploit and Rootkit Detection using eBPF

VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF VED (Vault Exploit Defense)-eBPF leverages eBPF (extended Berkeley Packet Filter) to implement runtime kernel security monitoring and exploit detection for Linux systems. Introduction eBPF is an...

Phishing Domain Finder

antisquat: An AI-Powered Phishing Domain Finder

AntiSquat AntiSquat leverages AI techniques such as natural language processing (NLP), large language models (ChatGPT) and more to empower detection of typosquatting and phishing domains. What sets AntiSquat apart Large Language Model / ChatGPT...

monitoring eBPF programs

ebpfmon: tool for monitoring eBPF programs

ebpfmon ebpfmon is a tool for monitoring eBPF programs. It is designed to be used with bpftool from the Linux kernel. ebpfmon is a TUI (terminal UI) application written in Go that allows you to do real-time...

Web Application Firewall Project

Web Application Firewall (WAF) Comparison Project

Web Application Firewall (WAF) Comparison Project This project repository contains testing datasets and tools to compare WAF efficacy in the two most important categories: Security Coverage (True Positive Rate) – measures the WAF’s ability...

Detect Infections

melee: Detect Infections in MySQL Instances

MELEE: A Tool to Detect Ransomware Infections in MySQL Instances Attackers are abusing MySQL instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MySQL instances and triggering infections at scale...