
kpcyrd / Tr1pd

Licence: agpl-3.0
tamper resistant audit log

Programming Languages

rust


tr1pd

Status: Very unstable, do not use

tr1pd is a tamper resistant audit log.

Usage

# setup your keyring
tr1pctl init
# start the tr1pd daemon
systemctl start tr1pd
# start a sensor
./sensor01 | tr1pctl write &
# verify your logs
tr1pctl fsck
# view the logs of your current session
tr1pctl ls @..

Installation

Make sure you have the following dependencies installed: Debian/Ubuntu: libsodium-dev libseccomp-dev libzmq3-dev, Archlinux: libsodium libseccomp zeromq, Alpine: make libsodium-dev libseccomp-dev zeromq-dev, OpenBSD: libsodium zeromq.

cargo install tr1pd

Setup

If possible, use your package manager to set up the system (Archlinux: AUR). After that you need to add the users that should have access to tr1pctl to the tr1pd group with usermod -aG tr1pd youruser.

If no package is available, you can also run a standalone setup (this is also recommended for development). Edit the paths as needed.

# standalone configuration (~/.config/tr1pd.toml)

[daemon]
socket = "ipc:///home/user/.tr1pd/tr1pd.sock"
datadir = "/home/user/.tr1pd/"

pub_key = "/home/user/.tr1pd/pub.key"
sec_key = "/home/user/.tr1pd/sec.key"

Run tr1pctl init to set up the keyring in your home folder, and start tr1pd in a separate terminal. Verify everything is working correctly by executing tr1pctl ping.

Writing sensors

Sensors can be written in any language using stdio. tr1pctl write is a simple line-based interface that writes each line into a block. You can also enable binary mode with tr1pctl write -s 65535. To monitor your auth.log you can simply write:

tail -f /var/log/auth.log | tr1pctl write

Benchmark

While this is not a common use case, tr1pd is fast enough for Ultra HD video, according to Netflix. This means that you can write >= 25 Megabits per second. Make sure you're compiling both tr1pctl and tr1pd with --release.

dd if=/dev/zero | pv | cargo run --release --bin tr1pctl -- write -s 65535

The program says block a lot, is this a blockchain?

No. tr1pd uses Merkle-tree-like constructs that are heavily inspired by Bitcoin, but it lacks some essential properties to qualify as a blockchain.
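As an added illustration (not tr1pd's own code or on-disk format), here is the hash-chained block construct the answer above alludes to, with a minimal fsck that re-derives every link the way "verify your logs" in the Usage section does; the auth.log lines are constructed samples.

```python
import hashlib

GENESIS = "0" * 64  # constructed parent hash for the first block

def block_hash(prev_hash: str, data: bytes) -> str:
    """Commit to the parent hash and the length-prefixed payload."""
    h = hashlib.sha256()
    h.update(prev_hash.encode("ascii"))
    h.update(len(data).to_bytes(8, "big"))
    h.update(data)
    return h.hexdigest()

def write(chain: list, line: bytes) -> dict:
    """Append one block, as 'tr1pctl write' does for each line it reads."""
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"prev": prev, "data": line, "hash": block_hash(prev, line)}
    chain.append(block)
    return block

def fsck(chain: list):
    """Re-derive every hash and parent link; return (ok, index of first bad block)."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["data"]):
            return False, i
        prev = block["hash"]
    return True, None

# Constructed sample sensor output, the kind of lines 'tail -f auth.log' would emit.
SAMPLE_LINES = [
    b"sshd[812]: Accepted publickey for alice from 192.0.2.10",
    b"sshd[815]: Failed password for root from 198.51.100.7",
    b"sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl restart tr1pd",
]

def demo():
    """Return fsck results for an intact chain and two tampered copies of it."""
    chain = []
    for line in SAMPLE_LINES:
        write(chain, line)
    intact = fsck(chain)
    # Case 1: a stored payload is edited in place; its own hash no longer matches.
    edited = [dict(b) for b in chain]
    edited[1]["data"] = b"sshd[815]: Accepted password for root from 198.51.100.7"
    in_place = fsck(edited)
    # Case 2: the hash is recomputed too; the next block's parent link breaks instead.
    relinked = [dict(b) for b in edited]
    relinked[1]["hash"] = block_hash(relinked[1]["prev"], relinked[1]["data"])
    return intact, in_place, fsck(relinked)
```

A bare chain like this proves only that the blocks agree with each other: an attacker who can rewrite every block, or who truncates the tail, is not caught by fsck alone, so a signing key the attacker cannot read and an off-host copy of the latest hash are what turn the chain into a tamper-resistant log.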

Trivia

The initial draft for the protocol was designed in 2014 for perimeter intrusion detection to verify the integrity of buildings. Multiple prototypes were written in 2017, and the first deployment was on a server located at the 34C3 to ensure integrity inside the congress colocation.

License

AGPLv3+
