Skip to content
/ fibratus Public
forked from rabbitstack/fibratus

Adversary tradecraft detection, protection, and hunting

www.fibratus.io

License

View license
0 stars 190 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Blue-infosec/fibratus

BranchesTags
 
 

Repository files navigation

Fibratus

Fibratus

Adversary tradecraft detection, protection, and hunting
Get Started »

Docs   •   Rules   •   Filaments   •   Download   •   Discussions

What is Fibratus?

Fibratus detects, protects, and eradicates advanced adversary tradecraft by scrutinizing and asserting a wide spectrum of system events against a behavior-driven rule engine and YARA memory scanner.

Events can also be shipped to a wide array of output sinks or dumped to capture files for local inspection and forensics analysis. You can use filaments to extend Fibratus with your own arsenal of tools and so leverage the power of the Python ecosystem.

In a nutshell, the Fibratus mantra is defined by the pillars of realtime behavior detection, memory scanning, and forensics capabilities.

Quick start

  • Install Fibratus from the latest MSI package
  • spin up a command line prompt
  • list credentials from the vault by using the VaultCmd tool
$ VaultCmd.exe /listcreds:"Windows Credentials" /all
  • Credential discovery via VaultCmd.exe rule should trigger displaying the alert in the systray notification area

Documentation

To fully exploit and learn about Fibratus capabilities, read the docs.

Developed with ❤️ by Nedim Šabić Šabić

Logo designed with ❤️ by Karina Slizova

About

Adversary tradecraft detection, protection, and hunting

www.fibratus.io

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 99.2%
  • Other 0.8%