blackberry / Falco-bypassesView external linksLinks
Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).
☆88Jan 28, 2024Updated 2 years ago
Alternatives and similar repositories for Falco-bypasses
Users that are interested in Falco-bypasses are comparing it to the libraries listed below
Sorting:
- ☆25Jun 27, 2024Updated last year
- A curated list of resources about detecting threats and defending Kubernetes systems.☆402Sep 2, 2023Updated 2 years ago
- All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.☆369Aug 1, 2025Updated 6 months ago
- Compares and analyzes GCP IAM roles.☆78Mar 9, 2025Updated 11 months ago
- ☆73May 13, 2025Updated 9 months ago
- ☆22Jul 24, 2025Updated 6 months ago
- OCI hook to trace syscalls and generate a seccomp profile☆337Updated this week
- An implementation of infrastructure-as-code scanning using dynamic tooling.☆56Jan 18, 2022Updated 4 years ago
- An Evil OIDC Server☆53Oct 19, 2022Updated 3 years ago
- HashiCorp-relevant rules for the Semgrep code analysis tool☆41Oct 3, 2023Updated 2 years ago
- Go client and SDK for Falco☆55Jan 19, 2026Updated 3 weeks ago
- DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…☆101Jan 12, 2024Updated 2 years ago
- Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is base…☆26Sep 26, 2023Updated 2 years ago
- Inject Falco and pdig into a running kubernetes pod☆13May 14, 2020Updated 5 years ago
- Curating Falco rules with MITRE ATT&CK Matrix☆89Mar 7, 2024Updated last year
- Response Engine for managing threats in your Kubernetes☆189Nov 20, 2025Updated 2 months ago
- ☆30Jan 12, 2023Updated 3 years ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)☆122Aug 20, 2023Updated 2 years ago
- Take Over the Whole Cluster: Attacking Kubernetes via Excessive Permissions of Third-party Applications☆20May 6, 2024Updated last year
- python3 scripts to help with aws triage needs☆15Feb 11, 2022Updated 4 years ago
- K8s Network Policy Migrator is a tool to migrate Calico or Cilium custom network policies to Kubernetes native network policy. The tool o…☆32Aug 29, 2023Updated 2 years ago
- Runtime security plug to protect user containers☆67Updated this week
- Automated testing, generation & manipulation of #osquery packs☆74Oct 16, 2024Updated last year
- Granular, Actionable Adversary Emulation for the Cloud☆2,252Feb 6, 2026Updated last week
- 🧰 Multi Tool Kubernetes Pentest Image☆254Sep 1, 2025Updated 5 months ago
- ☆107Nov 15, 2025Updated 3 months ago
- Threatest is a CLI and Go framework for end-to-end testing threat detection rules.☆338Updated this week
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆111Jan 2, 2025Updated last year
- ☆20Jun 13, 2022Updated 3 years ago
- ☆30Jan 13, 2026Updated last month
- BadRobot - Operator Security Audit Tool☆223Feb 2, 2026Updated 2 weeks ago
- Convert cloudtrail data to MITRE ATT&CK Sightings☆82Jul 25, 2022Updated 3 years ago
- ☆86Feb 4, 2026Updated last week
- ## Auto-archived due to inactivity. ## Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Securit…☆37Oct 17, 2024Updated last year
- Generate a variety of suspect actions that are detected by Falco rulesets☆115May 27, 2025Updated 8 months ago
- Proof of concept code for Datadog Security Labs referenced exploits.☆449Updated this week
- Kubernetes focused container assessment and context discovery tool for penetration testing☆475Nov 7, 2025Updated 3 months ago
- Tool for building Kubernetes attack paths☆940Jan 16, 2026Updated last month
- Security Alert Decoration☆27Jul 21, 2025Updated 6 months ago