maxvarm's repositories
linux-siem-audit-configs
Auditd, OSquery, and Falco low-volume process and filesystem auditing configs built for SIEM ingestion
awesome-threat-intelligence
A curated list of Awesome Threat Intelligence resources
ebpf-docker-lsm
Monitor and block specified processes and network connections with this docker-aware KRSI (BPF+LSM) security tool
Language: Python
memfd-process-hide
Hide process execution from auditd or dynamically load remote binaries using memfd+fexecve syscalls