Cisco Secure Endpoint is a cloud-native endpoint security solution that provides advanced protection and response to threats.
Raccine is a simple ransomware protection tool that intercepts and kills malicious processes that attempt to delete shadow copies using vssadmin.exe. It works by registering a debugger for vssadmin.exe, collecting the parent process IDs, and killing those processes if malicious activity is detected. It uses YARA rules to scan command line parameters for malicious activity and logs the killed PIDs to the Windows Eventlog. Raccine can be easily uninstalled without leaving any system files modified. However, it may break some backup solutions and block legitimate use of vssadmin.exe, so it should be used at your own risk.
An endpoint monitoring tool for Linux and macOS that reports file, socket, and process events to Zeek.
A tool for monitoring and managing device compliance and security across multiple platforms.
SharpAppLocker provides a C# adaptation of the Get-AppLockerPolicy cmdlet for managing application control policies.
A single cybersecurity platform that provides holistic security management, prevention, detection, and response capabilities powered by AI and threat intelligence, designed to simplify and converge security operations in diverse hybrid IT environments.
A Python library for loading and executing Beacon Object Files (BOFs) in-memory.