shamedgh / confineLinks
This tool set can generate SECCOMP profiles for Docker images. It mainly relies on static analysis, making its results more reliable than currently available tools.
☆67Updated 3 years ago
Alternatives and similar repositories for confine
Users that are interested in confine are comparing it to the libraries listed below
Sorting:
- bpflock - eBPF driven security for locking and auditing Linux machines☆150Updated 3 years ago
- Linux Kernel Runtime Integrity with eBPF☆183Updated last year
- This repository contains the source code related to the research paper titled "Temporal System Call Specialization for Attack Surface Red…☆37Updated 11 months ago
- A process level network security monitoring and enforcement project for Kubernetes, using eBPF☆44Updated 5 years ago
- BPFContain is a container security daemon for GNU/Linux leveraging the power and safety of eBPF and Rust.☆59Updated 3 years ago
- Example BPF program with LSM hooks☆33Updated 4 years ago
- ☆466Updated 2 weeks ago
- Trace deep kernel events through eBPF and lsm hooks☆39Updated 4 years ago
- 🐝 BPFBox 📦 Exploring process confinement in eBPF☆105Updated last year
- ☆23Updated last year
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…☆79Updated last month
- Linux Security Hardening for Confidential Compute☆68Updated last year
- This repository is used to analysis the shared resources of different containers☆31Updated last year
- Lind: Secure Lightweight Adaptive Isolation☆32Updated 3 months ago
- Vault Exploit Defense☆127Updated last year
- VFCFinder: Searching for the Missing Vulnerability Fixing Commits☆29Updated last year
- Fuzz Introspector -- introspect, extend and optimise fuzzers☆431Updated last week
- find relevant security papers published in the top-4 conferences (S&P, USENIX, CCS, NDSS)☆190Updated last year
- fuzzing framework based on libfuzzer and clang sanitizer☆167Updated 6 years ago
- Practical Data-Only Attack Generation☆43Updated last year
- Trace system calls from Docker containers running on the system☆32Updated 2 years ago
- eBPF - extended Berkeley Packet Filter tooling☆125Updated 3 years ago
- A Dolev-Yao-model-guided fuzzer for TLS☆145Updated last week
- LSM BPF module to block pwnkit (CVE-2021-4034) like exploits☆21Updated 3 years ago
- ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits☆137Updated 2 years ago
- ☆13Updated 4 years ago
- Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel☆58Updated last year
- An eBPF program debugger☆213Updated 3 years ago
- FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulati…☆289Updated 3 years ago
- OSS-Fuzz vulnerabilities for OSV.☆162Updated this week