9.12. Defense

9.12.1. Log Inspection

9.12.2. Endpoint Monitoring

  • attack monitor Endpoint detection & malware analysis software

  • artillery The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.

  • yurita Anomaly detection framework @ PayPal

  • crowdsec An open-source, lightweight agent to detect and respond to bad behaviours

9.12.4. Configuration Checking

  • Attack Surface Analyzer Analyzes an operating system's security configuration for changes made during software installation.

  • gixy Nginx configuration checking tool

  • dockerscan Docker security analysis & hacking tools

9.12.5. Security Checks

9.12.6. IDS

9.12.7. SIEM

  • panther Detect threats with log data and improve cloud security posture

9.12.8. Threat Intelligence

9.12.9. APT

  • APT Groups and Operations

  • APTnotes

  • APT Hunter Threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and reduce the time needed to uncover suspicious activity

9.12.11. Process Inspection

9.12.13. Online Virus Scanning

9.12.15. Rules / IoC

9.12.16. Memory Forensics

9.12.18. Security Tracker

9.12.19. Matching Tools

  • yara The pattern matching Swiss Army knife

  • capa The FLARE team’s open-source tool to identify capabilities in executable files.

9.12.20. DoS Protection

  • Gatekeeper <https://github.com/AltraMayor/gatekeeper> Open-source DDoS protection system

9.12.21. Adversary Emulation

  • sliver Adversary Simulation Framework