bigbrobro

BRON

"Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyber Hunting" by Erik Hemberg, Jonathan Kelly, Michal Shlapentokh-Rothman, Bryn Reinstadler, Katherine Xu, Nick Rutar, Una-May O'Reilly

awesome-linux-attack-forensics-purplelabs

This page is a result of the ongoing hands-on research around advanced Linux attacks, detection and forensics techniques and tools.

pulsar

A modular and blazing fast runtime security tool for the IoT, powered by eBPF.

amides

An Adaptive Misuse Detection System

Tailor

Learning graph-based code representations for source-level functional similarity detection. ICSE'23

ckibana

Visualizing data in ClickHouse using native Kibana.

nysm

nysm is a stealth post-exploitation container.

luban

Kubernetes集群管理平台，CMDB，K8S容器管理，运维平台，自动化运维发布平台，CICD平台，多集群管理

WatchAD2.0

WatchAD2.0是一款针对域威胁的日志分析与监控系统

PoolPartyBof

A beacon object file implementation of PoolParty Process Injection Technique.

PoolParty

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

SharpGhostTask

A C# port from Invoke-GhostTask

Stinger

CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.

SignToolEx

Patching "signtool.exe" to accept expired certificates for code-signing.

EDRNoiseMaker

Detect WFP filters blocking EDR communications

EDRSilencer

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

BestEdrOfTheMarket

Little user-mode AV/EDR evasion lab for training & learning purposes

Huorong-ATP-Rules

一款火绒增强HIPS自定义规则

SecGPT

SecGPT网络安全大模型

RealBlindingEDR

Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

threaTrace

daphne

Proof-of-Concept to evade auditd by tampering via ptrace

apollon

Proof-of-Concept to evade auditd by writing /proc/PID/mem

Crassus

rulego

⛓️RuleGo is a lightweight, high-performance, embedded, and scalable component orchestration rule engine framework based on the Go language. It is also an event framework that supports heterogeneous system data integration and processing

curlshell

reverse shell using curl

HadesLdr

Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2

PerfExec

nemo_go

Nemo是用来进行自动化信息收集的一个简单平台，通过集成常用的信息收集工具和技术，实现对内网及互联网资产信息的自动收集，提高隐患排查和渗透测试的工作效率。

WhitePondSecurityKG

这是一个网络安全知识图谱开源平台，为网络安全的智能化、体系化开阔新方向，对行业发展贡献绵薄之力。