Defending

Fibratus
Fibratus detects, protects, and eradicates advanced adversary tradecraft by scrutinizing and asserting a wide spectrum of system events against a behavior-driven rule engine and YARA memory scanner
·fibratus.io·
SpyGuard/SpyGuard: SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device.
·github.com·
ahmedkhlief/APT-Hunter: APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspicious activity
·github.com·
cisagov/Malcolm: Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
·github.com·
Grzegorz Tworek on Twitter / X
Eliminate a huge part of lateral movement scenarios with one command: "reg.exe add HKLM\SYSTEM\CurrentControlSet\Control /v DisableRemoteScmEndpoints /t REG_DWORD /d 1". It will make Service Control Manager deaf to remote management. Everything else works properly. pic.twitter.com/ltVUY84Hm4
— Grzegorz Tworek (@0gtweet) May 12, 2020
·x.com·
Nasreddine Bencherchali on Twitter / X
For my fellow ETW enthusiasts, you can use the Microsoft-JScript {57277741-3638-4A4B-BDBA-0AC6E45DA56C} Provider to detect this and many other JScript based activities 🚀 (such as HTA applications leveraging JScript). EID 105 (and others) will capture both the binary and command… https://t.co/5sVf2FE4Yr pic.twitter.com/gwOqR2pbcG
— Nasreddine Bencherchali (@nas_bench) February 28, 2024
·x.com·
You can find #Linux malware masquerading as a kernel thread - Agentless Linux Security on Twitter / X
You can find #Linux malware masquerading as a kernel thread using this command: cat /proc//maps
I'm going to show you how in this thread. #DFIR #sandflysecurity pic.twitter.com/E49dIQ06nC
— Craig Rowland - Agentless Linux Security (@CraigHRowland) February 25, 2020
·x.com·
Detecting Offensive PowerShell Attack Tools
At DerbyCon V (2015), I presented on Active Directory Attack & Defense and part of this included how to detect & defend against PowerShell attacks. Update: I presented at BSides Charm (Baltimore) on PowerShell attack & defense in April 2016. More information on PowerShell Security: PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection The most ...
·adsecurity.org·
stratosphereips/StratosphereLinuxIPS: Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.
·github.com·
eBPF for Cybersecurity - Part 1
What is eBPF? Born out of a need for a better Linux tracing tool, it was first released in a limited capacity in 2014 with Linux 3.18; making full use of eBPF requires at least Linux 4.4 or above. eBPF can run sandboxed programs in the Linux kernel without changin...
·blog.cloudnativefolks.org·
CycodeLabs/raven
RAVEN (Risk Analysis and Vulnerability Enumeration for CI/CD) is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database.
·github.com·
future-architect/vuls: Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
·github.com·
SiriusScan/Sirius
·github.com·
Endpoint Detection of Remote Service Creation and PsExec - F-Secure Blog
Lateral movement is when attackers move from a compromised host to other hosts to expand their access and reach their goal. If threat hunters can detect malicious activity on an endpoint they may see similar indicators appearing on new machines when lateral movement has occurred. But if they can detect the lateral movement as it […]
·blog.f-secure.com·
GitHub - last-byte/PersistenceSniper: PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Made with ❤️ by @last0x00 and @dottor_morte
·github.com·