AuditD on Android
Our goal is to port a minimal set of userland tools from the GNU/Linux userland to the bionic/Linux userland of Android. We've stripped out most the functionality inherent in the Linux software including audisp, ausearch, and auparse. The audit stream is not sent directly to an AF_Unix socket (/dev/audit) by auditd. While not as elegant or robust as the Linux code, our goal is to provide access to the audit stream for Android applications with minimal overhead. Our choice for stripping down Audit is partly due to the fact bionic is horribly GNU incompatible, but also the smartphone platform should be treated than the traditional server/desktop due to resource and runtime constraints. Requirements: A rooted Android system. Running the 2.6.29 or higher x86 kernel with CONFIG_AUDITSYSCALL=y. For the ARM platform, the kernel must be patched (See section 'Custom Kernel'). We needed to copy over the audit.h kernel header because Google uses clean headers. Their utilities to clean headers are unusable by those not blessed with the power of Google (i.e., the documentation is minimal and the ixd is horrible). More details in the directory structure section.
FEATURES
SIMILAR TOOLS
A microservice for string padding to prevent global issues like the left-pad incident.
A command-line tool for taking website screenshots and mobile emulations
A tool for scraping CTF writeups from ctftime.org and organizing them for easy access.
The OWASP AppSec Europe '16 Conference is a leading gathering in web application security, featuring keynote speakers and in-depth trainings in application security topics.
A Python script to check system compliance against CIS Benchmarks with customizable options.
A CLI tool for securely generating keys, passwords, and providing credentials without files, primarily for building secure BOSH deployments using Vault and Spruce.
A golang utility to spider through a website searching for additional links.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.