[WIP] 整理过去的分享，从零开始的Kubernetes攻防 🧐

KCon is a famous Hacker Con powered by Knownsec Team.

📦 Make security testing of K8s, Docker, and Containerd easier.

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

基于亚马逊S3\阿里云OSS\腾讯COS通信隧道的远程管理工具

go-libaudit is a library for communicating with the Linux Audit Framework.

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Venom - A Multi-hop Proxy for Penetration Testers

A stealthy Python based Windows backdoor that uses Github as a command and control server

Cknife

Easy files and payloads delivery over DNS

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

通过 Redis 主从写出无损文件

Attack surface mapping

渗透红线Checklist

Tiny SHell is an open-source UNIX backdoor.

Scripted Local Linux Enumeration & Privilege Escalation Checks

anti AV

(extensible) Data Exfiltration Toolkit (DET)

Redis 4.x/5.x RCE

A fake JDBC driver that allows OS command execution.

The cheat sheet about Java Deserialization vulnerabilities

本程序旨在为安全应急响应人员对Linux主机排查时提供便利，实现主机侧Checklist的自动全面化检测，根据检测结果自动数据聚合，进行黑客攻击路径溯源。

Detect Tactics, Techniques & Combat Threats

a PoC for Linux to get around agents that log commands being executed, without root privilege. Linux低权限模糊化执行的程序名和参数，避开基于execve系统调用监控的命令日志

收集一些比较优秀的开源安全项目，以帮助甲方安全从业人员构建企业安全能力。

Distributed & real time digital forensics at the speed of the cloud

越来越多的网站具有反爬虫特性，有的用图片隐藏关键数据，有的使用反人类的验证码，建立反反爬虫的代码仓库，通过与不同特性的网站做斗争（无恶意）提高技术。（欢迎提交难以采集的网站）（因工作原因，项目暂停）