Detection

ByteDance-HIDS – A Cloud-Native Host-Based Intrusion Detection Solution Project To Provide Next-Generation Threat Detection And Behavior Audition With Modern Architecture

16 Jan 2021 By

ByteDance-HIDS is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture. ByteDance-HIDS comprises three major components: ByteDance-HIDS Agent, co-worked with ByteDance-HIDS Driver, is the game-changer for the Data Collection market. It works at both Kernel and User Space of Linux System, providing rich data flow withRead More

Packer-Fuzzer – A Fast And Efficient Scanner For Security Detection Of Websites Constructed By Javascript Module Bundler Such As Webpack

09 Dec 2020 By

With the popularity of web front-end packaging tools, have you encountered more and more websites represented by Webpack packager in daily penetration testing and security services? This type of packager will package the API and API parameters of the entire site together for centralized Web call, which is also convenient for us to quickly discoverRead More

Webscan – Browser-based Network Scanner And local-IP Detection

29 Nov 2020 By

webscan is a browser-based network IP scanner and local IP detector. It detects IPs bound to the user/victim by listening on an RTP data channel via WebRTC and looping back to the port across any live IPs, as well as discovering all live IP addresses on valid subnets by monitoring for immediate timeouts (TCP RSTRead More

Teler – Real-time HTTP Intrusion Detection

18 Nov 2020 By

teler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. Features Real-time: Analyze logs and identify suspicious activity in real-time. Alerting: teler provides alerting when a threat is detected, push notifications include Slack, Telegram and Discord. Monitoring:Read More

Leonidas – Automated Attack Simulation In The Cloud, Complete With Detection Use Cases

12 Nov 2020 By

Leonidas is a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties. These definitions can then be compiled into: A web API exposing each test case as an individual endpoint Sigma rules (https://github.com/Neo23x0/sigma) for detection Documentation –Read More

Lollipopz – Data Exfiltration Utility For Testing Detection Capabilities

13 Apr 2020 By

Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only.Exfiltration How-To /etc/shadow -> HTTP GET requests Server # ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.GETServer -lp 80 -o output.log Client $ ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.GETClient -rh 127.0.0.1 -rp 80 -i ./samples/shadow.txt -r /etc/shadow -> HTTP POST requests Server # ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.POSTServer -lp 80Read More

DrSemu – Malware Detection And Classification Tool Based On Dynamic Behavior

17 Feb 2020 By

Dr.Semu runs executables in an isolated environment, monitors the behavior of a process, and based on Dr.Semu rules created by you or the community, detects if the process is malicious or not. whoami: @_qaz_qazWith Dr.Semu you can create rules to detect malware based on dynamic behavior of a process. Isolation through redirectionEverything happens from theRead More

X