
defense-solutions-proofs-of-concept - A repository to showcase demonstrations, prototypes and proofs of concept from the Defense Solutions Team

  •    Java

A repository to showcase demonstrations, prototypes and proofs of concept from the Defense Solutions Team. The samples provided in this repository are not officially released Esri solutions and have not gone through the standard software development lifecycle and/or testing used in officially released Esri solutions. They may not be fully tested or documented, and are not supported by Esri Technical Support or the Defense Solutions Team.

portforge.cr - A script which opens multiple sockets from a specific port range you input.

  •    Crystal

This script is intended to open as many sockets as you wish in the port range 1024 - 65535. Ports lower than 1024 work too, but you have to be a root user for that. This can be useful when you don't want people to map out your device and see what you're running, so it's a small step to defeat reconnaissance.

selfrando - Function order shuffling to defend against ROP and other types of code reuse

  •    C++

Software written in C and C++ is exposed to exploitation of memory corruption. Compilers and operating systems include various exploit mitigation mechanisms that prevent certain offensive techniques. Unfortunately, standard mitigations lag behind the offensive techniques used in exploits against browsers, servers, and other frequently targeted software and do not stop a well-resourced adversary. selfrando can be used to harden your software beyond what is possible with current mitigations. Inspired by biodiversity in nature and existing randomizing defenses, selfrando varies the attack surface, i.e., the code layout, by randomizing each function separately. This makes exploit writing harder and increases resilience to information leakage relative to traditional address space layout randomization (ASLR) techniques.




jpeg-defense - SHIELD: Fast, Practical Defense and Vaccination for Deep Learning using JPEG Compression

  •    Python

The code included here reproduces our techniques (e.g. SLQ) presented in the paper, and also our experiment results reported, such as using various JPEG compression qualities to remove adversarial perturbation introduced by Carlini-Wagner-L2, DeepFool, I-FGSM, and FGSM. The rapidly growing body of research in adversarial machine learning has demonstrated that deep neural networks (DNNs) are highly vulnerable to adversarially generated images. This underscores the urgent need for practical defense that can be readily deployed to combat attacks in real-time. Observing that many attack strategies aim to perturb image pixels in ways that are visually imperceptible, we place JPEG compression at the core of our proposed SHIELD defense framework, utilizing its capability to effectively "compress away" such pixel manipulation. To immunize a DNN model from artifacts introduced by compression, SHIELD "vaccinates" a model by re-training it with compressed images, where different compression levels are applied to generate multiple vaccinated models that are ultimately used together in an ensemble defense. On top of that, SHIELD adds an additional layer of protection by employing randomization at test time that compresses different regions of an image using random compression levels, making it harder for an adversary to estimate the transformation performed. This novel combination of vaccination, ensembling, and randomization makes SHIELD a fortified, multi-pronged defense. We conducted extensive, large-scale experiments using the ImageNet dataset, and show that our approaches eliminate up to 94% of black-box attacks and 98% of gray-box attacks delivered by the recent, strongest techniques, such as Carlini-Wagner's L2 and DeepFool. Our approaches are fast and work without requiring knowledge about the model.

PreCog - Discover "HotSpots" - potential spots for credential theft

  •    PowerShell

Discover "HotSpots" - potential spots for credential theft. Discover and mitigate HotSpot machines in your network. These dangerous spots could be abused by attackers to steal privileged account credentials.


MongoDB-HoneyProxy - A honeypot proxy for MongoDB

  •    JavaScript

A honeypot proxy for MongoDB. When run, this will proxy and log all traffic to a dummy MongoDB server.

demo-cloud-native-ebpf-day - Various eBPF programs for tracing network connections

  •    C

This repository contains the code I used for the demo during my talk @ Cloud Native eBPF Day NA 2021. Wait a sec, here are some preconditions to get all of this demo working...





