Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/likekabin/AttackDetection
- Host: GitHub
- URL: https://github.com/likekabin/AttackDetection
- Owner: likekabin
- License: other
- Created: 2019-07-01T02:03:02.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-07-01T02:03:13.000Z (over 5 years ago)
- Last Synced: 2024-10-10T05:37:42.509Z (3 months ago)
- Size: 13.2 MB
- Stars: 3
- Watchers: 0
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-security-vul-llm - likescam/AttackDetection - Suricata PT Open Ruleset: contains a set of Suricata rules for detecting network security vulnerabilities and malicious activity, along with PoC exploits and sample traffic data. The rules are tuned for TLS communications and use a custom SID range (10000000-10999999). The project is licensed under Apache 2.0. (LLM analysis process)
README
Suricata PT Open Ruleset
=====
The [Attack Detection Team](https://twitter.com/AttackDetection) searches for new vulnerabilities and 0-days, reproduces them, and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally, we are interested in malware and hackers' TTPs, so we develop Suricata rules for detecting all sorts of such activities.
## Structure
This repository consists of folders with self-explanatory names and contains Suricata rules, PoC exploits, and traffic samples in zip archives protected with the default password. :wrench: Some rules in this repo are aimed at detecting communications under TLS. To activate them, set `encryption-handling: full` in the suricata.yaml configuration file.
## SID range
We use SID 10000000-10999999 for our rules.
## License
This software is provided under a custom License. See the accompanying LICENSE file for more information.