Defense
========================================

Log Inspection
----------------------------------------

- `Sysmon `_
- `LastActivityView `_
- `Regshot `_
- `teler `_ Real-time HTTP intrusion detection

Endpoint Monitoring
----------------------------------------

- `attack monitor `_ Endpoint detection & malware analysis software
- `artillery `_ The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.
- `yurita `_ Anomaly detection framework @ PayPal
- `crowdsec `_ An open-source, lightweight agent to detect and respond to bad behaviours
- `tracee `_ Linux runtime security and forensics using eBPF

XSS Protection
----------------------------------------

- `js xss `_
- `DOMPurify `_
- `google csp evaluator `_

Configuration Checking
----------------------------------------

- `Attack Surface Analyzer `_ Analyzes an operating system's security configuration for changes during software installation.
- `gixy `_ Nginx configuration checking tool
- `dockerscan `_ Docker security analysis & hacking tools

Security Auditing
----------------------------------------

- `lynis `_ Security auditing tool for Linux, macOS, and UNIX-based systems
- `linux malware detect `_

IDS
----------------------------------------

- `ossec `_
- `yulong `_
- `AgentSmith `_
- `ByteDance HIDS `_ Cloud-native host-based intrusion detection

RASP
----------------------------------------

- `Elkeid `_ Cloud-native host-based intrusion detection solution project to provide next-generation threat detection and behavior auditing with a modern architecture
- `openrasp `_ IAST gray-box scanning tool

SIEM
----------------------------------------

- `panther `_ Detect threats with log data and improve cloud security posture

Threat Intelligence
----------------------------------------

- `threatfeeds `_
- `abuseipdb `_

APT
----------------------------------------

- `APT Groups and Operations `_
- `APTnotes `_
- `APT Hunter `_ Threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and reduce the time needed to uncover suspicious activity

Intrusion Check
----------------------------------------

- `huorong `_
- `check rootkit `_
- `rootkit hunter `_
- `PC Hunter `_
- `autoruns `_

Process Viewing
----------------------------------------

- `Process Explorer `_
- `ProcessHacker `_

WAF
----------------------------------------

- `naxsi `_
- `ModSecurity `_
- `ngx_lua_waf `_
- `OpenWAF `_

Online Virus Scanning
----------------------------------------

- `virustotal `_
- `virscan `_
- `habo `_

WebShell Detection
----------------------------------------

- `D盾 `_
- `深信服WebShell查杀 `_
- `php malware finder `_

Rules / IoC
----------------------------------------

- `malware ioc `_
- `fireeye public iocs `_
- `signature base `_
- `yara rules `_
- `capa rules `_ Standard collection of rules for capa
- `AttackDetection `_ Suricata PT Open Ruleset
- `DailyIOC `_ IOCs from articles and tweets, kept as archives

Threat Detection
----------------------------------------

- `ARTIF `_ An advanced real-time threat intelligence framework to identify threats and malicious web traffic on the basis of IP reputation and historical data

Security Advisories
----------------------------------------

- `Apache httpd Security Advisories `_
- `Apache Solr `_
- `Apache Tomcat `_
- `Jetty Security Reports `_
- `Nginx Security Advisories `_
- `OpenSSL `_

Security Tracker
----------------------------------------

- `Nginx Security Tracker `_

Pattern Matching Tools
----------------------------------------

- `yara `_ The pattern matching swiss knife
- `capa `_ The FLARE team's open-source tool to identify capabilities in executable files.

DoS Protection
----------------------------------------

- `Gatekeeper `_ Open-source DDoS protection system

Adversary Simulation
----------------------------------------

- `sliver `_ Adversary simulation framework

Intrusion Prevention
----------------------------------------

- `fail2ban `_