vmware-archive / cbsensor-linux-kmod
Linux Kernel module for Carbon Black EDR
☆12Updated 4 years ago
Alternatives and similar repositories for cbsensor-linux-kmod:
Users that are interested in cbsensor-linux-kmod are comparing it to the libraries listed below
- Linux endpoint events for BPF enabled systems☆24Updated 2 years ago
- Tools for parsing rulesets using the exact grammar as YARA. Written in Go.☆83Updated 2 years ago
- Yara powered NIDS with high speed packet capture powered by PF_RING☆69Updated 11 months ago
- ☆58Updated 4 years ago
- Parse YARA rules and operate over them more easily.☆187Updated 2 months ago
- Code for BH21 talk: "Generating YARA Rules by Classifying Malicious Byte Sequences"☆17Updated 2 months ago
- This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2☆123Updated 4 years ago
- YARI is an interactive debugger for YARA Language.☆88Updated 3 months ago
- Proofpoint - Emerging Threats - Threat Research tools + publicly shared intel and documentation☆72Updated 4 months ago
- ☆98Updated 4 years ago
- Community-based integrated malware identification system☆82Updated 2 years ago
- simple YARA-based IOC scanner☆168Updated 2 months ago
- ☆40Updated 2 years ago
- A mapping of used malware names to commonly known family names☆62Updated 2 years ago
- ssdeep cluster analysis for malware files☆30Updated 4 years ago
- Dynamic PowerShell Analysis Framework Based Upon PowerShell Debugging Functionality☆83Updated 2 years ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆53Updated 7 years ago
- Alternative YARA scanning engine☆70Updated 2 years ago
- Suricata rule and intel index☆30Updated last month
- Telsy CTI Research Team☆57Updated 4 years ago
- Collect autorun records from running system☆61Updated 3 years ago
- YARA Language Server☆71Updated 2 weeks ago
- Trigram database written in C++, suited for malware indexing☆125Updated 6 months ago
- Pure Python parser for data encoded by .NET's BinaryFormatter☆50Updated 6 years ago
- A wireshark/tshark plugin for the JA3 TLS Client Fingerprinting Algorithm☆58Updated last year
- ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.☆116Updated 2 years ago
- ConventionEngine - A Yara Rulepack for PDB Path Hunting☆38Updated 2 years ago
- Dectect syscall hooking using eBPF☆151Updated last year
- Golang parser for OLE files☆31Updated last month
- This project fully automates the process of analyzing and exploiting IoT malware to find live CnC servers.☆41Updated 9 months ago