CentOS based Docker Security Architecture
Updated Aug 4, 2022 - Shell
POC developed while writing the paper "A weakness in eBPF-based runtime security applications"
ebpfkit is a rootkit powered by eBPF
ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
Kubernetes offensive framework built in eBPF
In this AKS-focused workshop, you will work with Calico Cloud to learn how to implement runtime security to protect containers in your Kubernetes cluster on Microsoft AKS from container and network attacks based on known and zero-day threats.
This repository supports the "Microsoft AKS Security Bootcamp: Visualize cluster traffic and identify security gaps" workshop, providing step-by-step guidance for hands-on security experience, including network risk assessment, malware alerts, threat containment, anomaly detection, and policy enforcement.
Linux based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Sigma
🐝 BPFBox 📦 Exploring process confinement in eBPF
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
PyRASP is a Runtime Application Self Protection package for Python-based Web Servers (Flask, FastAPI and Django) and Serverless Functions (AWS Lambda, Azure and Google Cloud Functions).
Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-actions, analytics, alerting and also sharing detections with community. Maybe save from Ransomware. Shift-Left your threat detection. Shift Right t…
POC Repo for Implementing Runtime Security for a Kubernetes Cluster.
Deep Linux runtime visibility meets Wireshark
Community curated list of System and Network policy templates for KubeArmor and Cilium
Proactive security monitoring and threat detection in CI/CD
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Ansible playbooks to provision firecracker VMs and run Falco kernel tests
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.