9.12. 防御

9.12.1. 日志检查

• Sysmon

• LastActivityView

• Regshot

9.12.2. 终端监控

• attack monitor Endpoint detection & Malware analysis software

• artillery The Artillery Project is an open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods.

• yurita Anomaly detection framework @ PayPal

• crowdsec An open-source, lightweight agent to detect and respond to bad behaviours

9.12.3. XSS防护

• js xss

• DOMPurify

• google csp evaluator

9.12.4. 配置检查

• Attack Surface Analyzer analyze operating system’s security configuration for changes during software installation.

• gixy Nginx 配置检查工具

• dockerscan Docker security analysis & hacking tools

9.12.5. 安全检查

• lynis

• linux malware detect

9.12.6. IDS

• ossec

• yulong

• AgentSmith

9.12.7. SIEM

• panther Detect threats with log data and improve cloud security posture

9.12.8. 威胁情报

• threatfeeds

• abuseipdb

9.12.9. APT

• APT Groups and Operations

• APTnotes

9.12.10. 入侵检查

• huorong

• check rootkit

• rootkit hunter

• PC Hunter

• autoruns

9.12.11. 进程查看

• Process Explorer

• ProcessHacker

9.12.12. Waf

• naxsi

• ModSecurity

• ngx_lua_waf

• OpenWAF

9.12.13. 病毒在线查杀

• virustotal

• virscan

• habo

9.12.14. WebShell查杀

• D盾

• 深信服WebShell查杀

• php malware finder

9.12.15. 规则 / IoC

• malware ioc

• fireeye public iocs

• signature base

• yara rules

• capa rules standard collection of rules for capa

• AttackDetection Suricata PT Open Ruleset

• DailyIOC IOC from articles, tweets for archives

9.12.16. 内存取证

• SfAntiBotPro

• volatility

9.12.17. Security Advisories

• Apache httpd Security Advisories

• Apache Solr

• Apache Tomcat

• Jetty Security Reports

• Nginx Security Advisories

• OpenSSL

9.12.18. Security Tracker

• Nginx Security Tracker

9.12.19. 匹配工具

• yara The pattern matching swiss knife

• capa The FLARE team’s open-source tool to identify capabilities in executable files.