runtime-security
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Cloud Native Runtime Security
Linux Runtime Security and Forensics using eBPF
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.
ebpfkit is a rootkit powered by eBPF
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
Hades is a Host-Based Intrusion Detection System based on eBPF (mainly)
Deep Linux runtime visibility meets Wireshark
ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime process monitoring, automated actions based on configure-actions, analytics, alerting, and sharing detections with the community. Maybe save from Ransomware. Shift-Left your threat detection. Shift Right threat elimination.
Community curated list of System and Network policy templates for KubeArmor and Cilium
Kubernetes offensive framework built in eBPF
PyRASP is a Runtime Application Self Protection package for Python-based Web Servers (Flask, FastAPI and Django), Serverless Functions (AWS Lambda, Azure and Google Cloud Functions) and MCP Servers (FastMCP)
eBPF security monitoring agent based on Aya
Linux-based vulnerability (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Sigma
Proactive security monitoring and threat detection in CI/CD
Jibril: A performant and low impact Linux runtime security tool agent.
Ansible playbooks to provision firecracker VMs and run Falco kernel tests
Dralyxor: Advanced C++ header-only library for robust string obfuscation, shielding binaries from static/dynamic analysis. Uses a consteval micro-program engine with variable NOPs. Runtime anti-debug/tamper checks (canaries, content checksums) plus RAII "just-in-time" decryption ensure secure, minimal memory exposure of plain-text data.