
Awesome-linux-attack-forensics-purplelabs

Introduction

This page is the result of ongoing hands-on research around advanced Linux attack, detection and forensics techniques and tools.

Since I have been practising red and blue methods for many years, the material below will give you a sense of the sheer number of projects, techniques and tactics across the Linux/Kubernetes offense/detection/DFIR space.

All of these offensive techniques and tools have been tested by me (including source-code analysis), detected across different layers (host/network), mapped to small hands-on lab scenarios, and ultimately became part of the PurpleLabs Playground (https://edu.defective-security.com/).

If you are looking for a complete workshop/training program, the links below are the core of the unique "Linux Attack and Live Forensics at Scale" training program (https://edu.defective-security.com/linux-attack-live-forensics-at-scale). This is the first step towards building a dynamic workshop program as a framework, in which you can immediately take on the roles of Linux attacker, detection engineer and forensic analyst with a full set of custom TTPs! The approach also allows you to create custom attack paths, detection engineering and incident response steps, including live forensics.

Open-source SOC/IR

https://github.com/Cyb3rWard0g/HELK

https://github.com/Graylog2/graylog2-server

https://github.com/Velocidex/velociraptor

https://docs.velociraptor.app/exchange/

https://github.com/wazuh/wazuh

https://github.com/robcowart/elastiflow

https://github.com/arkime/arkime

https://github.com/osquery/osquery

https://github.com/TheHive-Project/TheHive

https://github.com/TheHive-Project/Cortex

https://github.com/Shuffle/Shuffle

https://github.com/dfir-iris/iris-web

https://github.com/MISP/MISP

https://jupyter.org/

https://github.com/OISF/suricata

https://github.com/zeek/zeek

https://github.com/SecurityRiskAdvisors/VECTR

https://github.com/archanchoudhury/SOC-OpenSource

Linux and Kubernetes Detection/Forensics

https://github.com/sandflysecurity

https://github.com/lkrg-org/lkrg

https://github.com/Sysinternals/SysmonForLinux

https://github.com/volatilityfoundation/volatility

https://github.com/volatilityfoundation/community3

https://github.com/k1nd0ne/VolWeb

https://github.com/pathtofile/bpf-hookdetect

https://github.com/Exein-io/pulsar

https://github.com/ntop/libebpfflow

https://github.com/ehids/ehids-agent

https://github.com/falcosecurity/falco

https://github.com/aquasecurity/tracee

https://github.com/draios/sysdig

https://github.com/cilium/tetragon

https://github.com/gamemann/XDP-Firewall

https://github.com/linuxthor/rkbreaker

https://github.com/therealdreg/lsrootkit

https://github.com/linuxthor/rkspotter

https://github.com/kkamagui/shadow-box-for-x86

http://www.chkrootkit.org/

https://github.com/octarinesec/kube-scan

Linux Kernel-space Rootkits

https://github.com/lukasbalazik123/1337kit

https://github.com/f0rb1dd3n/Reptile

https://github.com/carloslack/KoviD

https://github.com/vkobel/linux-syscall-hook-rootkit

https://github.com/h3xduck/TripleCross

https://github.com/amir9339/ebpf_maps_hooking

https://github.com/milabs/kopycat

https://github.com/m0nad/Diamorphine

https://github.com/stdhu/kernel-inline-hook

https://github.com/ilammy/ftrace-hook

https://github.com/WeiJiLab/kernel-hook-framework

https://github.com/C24IO/Netfilter-Hooks-Simple.git

https://github.com/shubham0d/Immutable-file-linux

https://github.com/therealdreg/enyelkm

https://github.com/elfmaster/kprobe_rootkit

https://github.com/En14c/LilyOfTheValley

https://github.com/QuokkaLight/rkduck

https://github.com/a7vinx/liinux

https://github.com/mgrube/DragonKing

https://github.com/aidielse/Rootkits-Playground

https://github.com/cccssw/JynKbeast

https://github.com/hanj4096/wukong

https://github.com/mponcet/subversive

https://github.com/h3xduck/Umbra

https://github.com/ruckuus/kernel-abuse/tree/master/kbeast

https://github.com/CDuPlooy/Rootkit

https://github.com/jussihi/SMM-Rootkit

https://github.com/nnedkov/swiss_army_rootkit

https://github.com/spiderpig1297/kprochide

https://github.com/pathtofile/bad-bpf

https://github.com/cloudflare/ebpf_exporter

https://github.com/DavadDi/bpf_study

https://github.com/Esonhugh/sshd_backdoor

https://github.com/vrasneur/randkit

https://github.com/ricardomaraschini/ebpf-signals

https://github.com/bones-codes/the_colonel

https://github.com/PinkP4nther/Sutekh

https://github.com/spiderpig1297/kfile-over-icmp

https://github.com/dave4422/linux_rootkit

https://github.com/nurupo/rootkit

https://github.com/Nadharm/CoVirt

https://github.com/3intermute/loonix_syscall_hook

https://github.com/alfonmga/hiding-cryptominers-linux-rootkit

https://github.com/loneicewolf/linux-rootkits

https://github.com/yasindce1998/KubeDagger

https://github.com/loneicewolf/EXEC_LKM

https://github.com/deurzen/linux-rootkit

https://github.com/roggenbrot42/rkptum2013

https://github.com/DanielAvinoam/TheSubZeroProject

https://github.com/jermeyyy/rooty

https://github.com/NoviceLive/research-rootkit

https://github.com/aesophor/satan

https://github.com/Pratik32/linux_rkit

https://github.com/AlirezaChegini/kernel-based-keylogger-for-Linux

https://github.com/jordan9001/superhide

https://github.com/nccgroup/ebpf/tree/master/conjob

https://github.com/FlamingSpork/iptable_evil

https://github.com/ilee38/root-of-all-evil

https://github.com/milabs/lkrg-bypass

Linux User-space Rootkits/Injectors

https://github.com/ldpreload/Medusa

https://github.com/arget13/DDexec

https://github.com/mav8557/Father

https://github.com/yasukata/zpoline

https://github.com/dsnezhkov/zombieant

https://github.com/ulexec/SHELF-Loading

https://github.com/chokepoint/Jynx2

https://github.com/unix-thrust/beurk

https://github.com/cloudsec/brootkit

https://github.com/trimpsyw/adore-ng

https://github.com/rvillordo/libpreload

https://github.com/r00tkillah/HORSEPILL

https://github.com/elfmaster/skeksi_virus

https://github.com/elfmaster/linker_preloading_virus

https://github.com/nopn0p/rkorova

https://github.com/amir9339/Tcpdump-evasion

https://github.com/Paradoxis/PHP-Backdoor

https://github.com/ixty/mandibule

https://github.com/DavidBuchanan314/dlinject

https://github.com/guitmz/memrun

Linux C2 / Attack Simulation

https://github.com/BishopFox/sliver

https://github.com/facebookincubator/WEASEL

https://github.com/cyberark/kubesploit

https://github.com/controlplaneio/simulator

https://github.com/iagox86/dnscat2

https://github.com/rapid7/metasploit-framework

Books/PDFs/Docs

https://dl.acm.org/doi/fullHtml/10.1145/3545948.3545980 – Katana: Robust, Automated, Binary-Only Forensic Analysis of Linux Memory Snapshots

https://www.crysys.hu/publications/files/setit/thesis_bme_Nemeth20bsc.pdf – Detection of persistent rootkit components on embedded IoT devices

https://raw.githubusercontent.com/h3xduck/TripleCross/master/docs/ebpf_offense_rootkit_tfg.pdf – Analysis of the offensive capabilities of eBPF and implementation of a rootkit

https://github.com/NinnOgTonic/Out-of-Sight-Out-of-Mind-Rootkit/blob/master/osom.pdf – Out-of-Sight-Out-of-Mind-Rootkit

https://pentera.io/blog/the-good-bad-and-compromisable-aspects-of-linux-ebpf/

https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf

https://vblocalhost.com/uploads/VB2021-Mechtinger-Kennedy.pdf

https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Fishing-A-Memory-Forensics-Blind-Spot-Linux-Kernel-Tracing-wp.pdf

https://i.blackhat.com/USA-20/Wednesday/us-20-Livelli-Decade-Of-The-RATs-Custom-Chinese-Linux-Rootkits-For-Everyone.pdf

https://www.vanbastelaer.com/publication/sabpf/sabpf.pdf

https://cormander.com/wp-content/uploads/2017/04/Distribution-Kernel-Security-Hardening.pdf

https://bibis.ir/science-books/information-technology/security/2022/Security-Observability-with-eBPF-by-Jed-Salazar_bibis.ir.pdf

https://isovalent.com/data/isovalent_security_observability.pdf

https://cs.brown.edu/~vpk/papers/ret2dir.sec14.pdf

https://www.iij.ad.jp/en/dev/iir/pdf/iir_vol45_focus_EN.pdf

https://www.brendangregg.com/Slides/BSidesSF2017_BPF_security_monitoring.pdf

https://apps.dtic.mil/sti/pdfs/AD1004190.pdf

http://jultika.oulu.fi/files/nbnfioulu-202004201485.pdf

https://i.blackhat.com/USA-22/Wednesday/US-22-Case-New-Memory-Forensics-Techniques-to-Defeat-Device-Monitoring-Malware-wp.pdf

https://i.blackhat.com/USA-22/Wednesday/US-22-Case-New-Memory-Forensics-Techniques-to-Defeat-Device-Monitoring-Malware.pdf

https://xgao-work.github.io/paper/dsn2021.pdf

http://www.people.vcu.edu/~iahmed3/publications/lncs-wisa-2017.pdf

https://www.crysys.hu/publications/files/setit/thesis_bme_Nagy21msc.pdf

https://www.osdfcon.org/presentations/2019/Ali-Hadi_Performing-Linux-Forensic-Analysis-and-Why-You-Should-Care.pdf

https://www.nccgroup.com/globalassets/our-research/us/whitepapers/2016/june/container_whitepaper.pdf

https://i.blackhat.com/USA-19/Thursday/us-19-Snezhkov-Zombie-Ant-Farming-Practical-Tips-For-Playing-Hide-And-Seek-With-Linux-EDRs.pdf


Article link: https://www.cutrui.cn/2720.html

Updated: July 5, 2023
