Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rabbitstack/fibratus
A modern tool for Windows kernel exploration and tracing with a focus on security
edr golang instrumentation python security windows windows-kernel
Last synced: 20 days ago
- Host: GitHub
- URL: https://github.com/rabbitstack/fibratus
- Owner: rabbitstack
- License: other
- Created: 2016-03-25T11:28:46.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2024-04-09T17:09:48.000Z (7 months ago)
- Last Synced: 2024-04-12T19:29:19.836Z (7 months ago)
- Topics: edr, golang, instrumentation, python, security, windows, windows-kernel
- Language: Go
- Homepage: https://www.fibratus.io
- Size: 13.8 MB
- Stars: 2,070
- Watchers: 72
- Forks: 181
- Open Issues: 31
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE.MD
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-ctf - Fibratus - Tool for exploration and tracing of the Windows kernel. (Forensics)
- go-awesome - Fibratus - Windows kernel exploit and tracking tool (Open source library / Security)
- awesome-hacking-lists - rabbitstack/fibratus - Adversary tradecraft detection, protection, and hunting (Go)
README
---
Fibratus
Adversary tradecraft detection, protection, and hunting
### What is Fibratus?
Fibratus detects, protects, and eradicates advanced adversary tradecraft by scrutinizing and asserting a wide spectrum of system events against a behavior-driven [rule engine](https://www.fibratus.io/#/filters/rules) and [YARA](https://www.fibratus.io/#/yara/introduction) memory scanner. Events can also be shipped to a wide array of [output sinks](https://www.fibratus.io/#/outputs/introduction) or dumped to [capture](https://www.fibratus.io/#/captures/introduction) files for local inspection and forensics analysis. You can use [filaments](https://www.fibratus.io/#/filaments/introduction) to extend Fibratus with your own arsenal of tools and so leverage the power of the Python ecosystem.
In a nutshell, the Fibratus mantra is defined by the pillars of **realtime behavior detection**, **memory scanning**, and **forensics** capabilities.
### Quick start
---
- [Install](https://www.fibratus.io/#/setup/installation) Fibratus from the latest [MSI package](https://github.com/rabbitstack/fibratus/releases)
- Spin up a command line prompt
- List credentials from the vault by using the `VaultCmd` tool
```
$ VaultCmd.exe /listcreds:"Windows Credentials" /all
```
- The `Credential discovery via VaultCmd.exe` rule should trigger, displaying the alert in the systray notification area
### Documentation
To learn about the full range of Fibratus capabilities, read the [docs](https://www.fibratus.io).
---
Developed with ❤️ by Nedim Šabić Šabić
Logo designed with ❤️ by Karina Slizova