Research on various techniques to bypass the default Falco ruleset (based on Falco v0.28.1).
☆89 · Jan 28, 2024 · Updated 2 years ago
Alternatives and similar repositories for Falco-bypasses
Users that are interested in Falco-bypasses are comparing it to the libraries listed below
- ☆25 · Jun 27, 2024 · Updated last year
- A curated list of resources about detecting threats and defending Kubernetes systems. ☆405 · Sep 2, 2023 · Updated 2 years ago
- All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS. ☆370 · Mar 1, 2026 · Updated last week
- Compares and analyzes GCP IAM roles. ☆78 · Mar 9, 2025 · Updated 11 months ago
- ☆72 · May 13, 2025 · Updated 9 months ago
- ☆22 · Jul 24, 2025 · Updated 7 months ago
- OCI hook to trace syscalls and generate a seccomp profile ☆338 · Feb 12, 2026 · Updated 3 weeks ago
- An implementation of infrastructure-as-code scanning using dynamic tooling. ☆56 · Jan 18, 2022 · Updated 4 years ago
- An Evil OIDC Server ☆53 · Oct 19, 2022 · Updated 3 years ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆41 · Oct 3, 2023 · Updated 2 years ago
- Go client and SDK for Falco ☆55 · Jan 19, 2026 · Updated last month
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o… ☆101 · Jan 12, 2024 · Updated 2 years ago
- Sneefer is a PoC project showing how to filter out irrelevant vulnerabilities from container image vulnerability scan results. It is base… ☆26 · Sep 26, 2023 · Updated 2 years ago
- Inject Falco and pdig into a running kubernetes pod ☆13 · May 14, 2020 · Updated 5 years ago
- Curating Falco rules with MITRE ATT&CK Matrix ☆88 · Mar 7, 2024 · Updated 2 years ago
- ☆30 · Jan 12, 2023 · Updated 3 years ago
- Response Engine for managing threats in your Kubernetes ☆191 · Nov 20, 2025 · Updated 3 months ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆123 · Aug 20, 2023 · Updated 2 years ago
- Take Over the Whole Cluster: Attacking Kubernetes via Excessive Permissions of Third-party Applications ☆19 · May 6, 2024 · Updated last year
- python3 scripts to help with aws triage needs ☆15 · Feb 11, 2022 · Updated 4 years ago
- K8s Network Policy Migrator is a tool to migrate Calico or Cilium custom network policies to Kubernetes native network policy. The tool o… ☆32 · Aug 29, 2023 · Updated 2 years ago
- Runtime security plug to protect user containers ☆67 · Updated this week
- Automated testing, generation & manipulation of #osquery packs ☆74 · Oct 16, 2024 · Updated last year
- Granular, Actionable Adversary Emulation for the Cloud ☆2,267 · Mar 1, 2026 · Updated last week
- 🧰 Multi Tool Kubernetes Pentest Image ☆255 · Updated this week
- ☆107 · Nov 15, 2025 · Updated 3 months ago
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules. ☆339 · Updated this week
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters. ☆112 · Jan 2, 2025 · Updated last year
- ☆20 · Jun 13, 2022 · Updated 3 years ago
- ☆30 · Jan 13, 2026 · Updated last month
- BadRobot - Operator Security Audit Tool ☆225 · Feb 2, 2026 · Updated last month
- Convert cloudtrail data to MITRE ATT&CK Sightings ☆82 · Jul 25, 2022 · Updated 3 years ago
- ☆86 · Feb 4, 2026 · Updated last month
- ## Auto-archived due to inactivity. ## Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Securit… ☆37 · Oct 17, 2024 · Updated last year
- Generate a variety of suspect actions that are detected by Falco rulesets ☆116 · Feb 12, 2026 · Updated 3 weeks ago
- Proof of concept code for Datadog Security Labs referenced exploits. ☆449 · Mar 1, 2026 · Updated last week
- Kubernetes focused container assessment and context discovery tool for penetration testing ☆475 · Nov 7, 2025 · Updated 4 months ago
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs ☆39 · Sep 25, 2024 · Updated last year
- Security Alert Decoration ☆27 · Jul 21, 2025 · Updated 7 months ago