Psst... ninjas. New Kunai rules. Go dig into it.
If something malicious runs on your Linux system, would you notice? Most of the time, it just looks like normal activity.
That's usually where detection falls apart. I've been updating my Kunai rules to make that easier to spot. The repository now has 200+ rules. Still a lot of iteration, mostly driven by real usage. Less noise. Better context.
GitHub - digisquad-repo/kunai-rules: 200+ behavioral detection rules for Kunai (Linux eBPF). Covers MITRE ATT&CK with 92 techniques across execve, connect, DNS, file ops, ptrace, BPF, and more. Ready-to-use profiles for servers and desktops.