Share
## https://sploitus.com/exploit?id=4A3C2C19-06DC-5570-BEF4-9B65D6BFFEE0
# ๐ก๏ธ anti-hacking: Comprehensive Defensive Security Knowledge Base
**A production-grade defensive security framework for protecting against document-based attacks, metadata exploitation, and targeted threats.**
---
## ๐ฏ Mission
This repository consolidates enterprise-grade defensive security practices, detection rules, hardening guides, and incident response procedures for organizations protecting against:
- **Document-based attacks** (malicious PDFs, Office exploits)
- **Metadata exploitation** (OSINT-based targeting)
- **Social engineering** (phishing, pretexting)
- **Supply chain attacks** (third-party PDFs)
- **Insider threats** (accidental data leakage)
---
## ๐ Structure
### ๐ **docs/** โ Policy & Educational Content
Comprehensive guides for understanding threats and defenses:
- `01-PDF-Security.md` โ Deep technical analysis of PDF threats
- `02-Email-Hardening.md` โ Email gateway security
- `03-Endpoint-Defense.md` โ Workstation hardening
- `04-Incident-Response.md` โ Playbook procedures
- `05-OSINT-Protection.md` โ Operational security
- `06-Compliance-Mapping.md` โ Regulatory alignment
- `07-Forensics-Guide.md` โ Investigation procedures
### ๐จ **detection/** โ Detection Rules & Signatures
Ready-to-deploy detection rules:
- **yara/** โ Malicious PDF detection (YARA rules)
- **siem/** โ Splunk, ELK, Microsoft Sentinel queries
- **sigma/** โ Generic detection rules (portable across SIEM platforms)
### ๐ง **hardening/** โ System Hardening
Configuration guides and deployment scripts:
- **adobe-reader/** โ Group Policy, registry tweaks, configuration
- **firefox/** โ PDF.js hardening, policies.json
- **macos/** โ System preferences, XProtect rules
- **email-gateway/** โ SPF/DKIM/DMARC, attachment scanning
### ๐ **incident-response/** โ IR Procedures
Step-by-step playbooks for security incidents:
- **playbooks/** โ Specific incident procedures
- **forensics/** โ Collection, preservation, analysis scripts
- **templates/** โ Report templates, post-mortem guides
### ๐ ๏ธ **tools/** โ Automation Scripts
Python/Bash tools for security operations:
- `metadata-sanitizer.py` โ Batch metadata removal
- `pdf-scanner.sh` โ Local YARA scanning
- `osint-monitor.py` โ Monitor for leaked metadata
- `timeline-builder.py` โ Forensic timeline reconstruction
- `compliance-checker.py` โ Automated audit validation
### ๐ณ **automation/** โ Infrastructure-as-Code
Ready-to-deploy defensive infrastructure:
- **docker/** โ Containerized PDF scanning sandbox
- **lambda/** โ AWS Lambda for auto-remediation
- **terraform/** โ Cloud infrastructure deployment
### ๐ **training/** โ Security Awareness
Training materials for all organizational levels:
- **level-1-users/** โ Employee awareness
- **level-2-admins/** โ IT administrator training
- **level-3-analysts/** โ Security analyst CTF challenges
- **level-4-leadership/** โ Executive briefings
### โ
**compliance/** โ Regulatory Mapping
Alignment with compliance frameworks:
- **gdpr/** โ GDPR Article 32 mapping
- **pci-dss/** โ Payment Card Industry standards
- **soc2/** โ SOC 2 Type II controls
- **hipaa/** โ Healthcare data protection
- **iso27001/** โ ISO 27001 controls
### ๐ **metrics/** โ KPIs & Monitoring
Dashboard templates and alert thresholds:
- KPI definitions
- Alert escalation procedures
- Reporting templates
### ๐งช **tests/** โ Validation & Testing
Automated tests for rules and procedures:
- YARA rule validation
- Sanitization effectiveness tests
- Compliance checker tests
---
## ๐ Quick Start
### 1. Clone Repository
```bash
git clone https://github.com/yourgithub/anti-hacking.git
cd anti-hacking
```
### 2. Deploy YARA Rules
```bash
cp detection/yara/*.yar /path/to/yara/rules/
yara -r detection/yara/malicious_pdfs.yar /path/to/documents/
```
### 3. Run Metadata Scanner
```bash
python3 tools/osint-monitor.py --search "company.com" --alerts slack
```
### 4. Sanitize Documents (Batch)
```bash
python3 tools/metadata-sanitizer.py --input /path/to/pdfs/ --output /path/to/clean/
```
### 5. Deploy Detection Rules to SIEM
```bash
# Splunk
cp detection/siem/splunk-queries.md /opt/splunk/queries/
# ELK
curl -X POST "localhost:9200/_security/rule" \
-H 'Content-Type: application/json' \
-d @detection/siem/elk-rules.json
```
---
## ๐ Key Features
โ
**Production-Ready** โ Rules tested against real malware samples
โ
**Framework-Agnostic** โ Portable across different SIEM/EDR platforms
โ
**Compliance-Mapped** โ Aligned with GDPR, SOC2, PCI-DSS, HIPAA, ISO27001
โ
**Community-Driven** โ Contributions welcome (see CONTRIBUTING.md)
โ
**Continuously Updated** โ New threats added monthly
โ
**Incident Response Focus** โ Real playbooks from incident responders
---
## ๐ Documentation Index
| Document | Audience | Format |
|---|---|---|
| [PDF Security Deep Dive](docs/01-PDF-Security.md) | Security analysts, architects | Technical |
| [Email Hardening Guide](docs/02-Email-Hardening.md) | IT admins, security teams | Procedural |
| [Endpoint Defense](docs/03-Endpoint-Defense.md) | Sysadmins, IT engineers | Step-by-step |
| [Incident Response Playbooks](docs/04-Incident-Response.md) | CIRT members | Checklist-style |
| [OSINT Protection](docs/05-OSINT-Protection.md) | Security ops, leadership | Strategic |
| [Compliance Mapping](docs/06-Compliance-Mapping.md) | Compliance officers, audit | Reference |
| [Forensics Guide](docs/07-Forensics-Guide.md) | Forensic analysts | Detailed |
---
## ๐ Training Paths
- **For End Users** โ [level-1-users/](training/level-1-users/) (30 min awareness)
- **For IT Admins** โ [level-2-admins/](training/level-2-admins/) (2 hours hands-on)
- **For Security Analysts** โ [level-3-analysts/](training/level-3-analysts/) (4+ hours + CTF)
- **For Leadership** โ [level-4-leadership/](training/level-4-leadership/) (1 hour briefing)
---
## ๐จ Incident Detection
Real-world detection scenarios:
1. **Malicious PDF Found** โ [playbooks/malicious-pdf-found.md](incident-response/playbooks/malicious-pdf-found.md)
2. **Metadata Leakage** โ [playbooks/metadata-leakage.md](incident-response/playbooks/metadata-leakage.md)
3. **Compromised Endpoint** โ [playbooks/compromised-endpoint.md](incident-response/playbooks/compromised-endpoint.md)
4. **Data Exfiltration** โ [playbooks/data-exfiltration.md](incident-response/playbooks/data-exfiltration.md)
---
## ๐ค Contributing
We welcome contributions! See [CONTRIBUTING.md](.github/CONTRIBUTING.md) for:
- How to submit detection rules
- Code style guidelines
- Testing requirements
- Review process
---
## ๐ License
This project is licensed under **CC BY-SA 4.0** (Creative Commons Attribution-ShareAlike).
**Use freely in commercial and non-commercial contexts, with attribution.**
---
## โ๏ธ Disclaimer
This repository contains **defensive security information only**. It is designed to help organizations:
- Detect threats
- Respond to incidents
- Harden systems
- Comply with regulations
**This is NOT a guide to offensive hacking.** Use of this information for unauthorized access, data theft, or system compromise is illegal.
---
## ๐ Support
- **Issues & Bug Reports** โ GitHub Issues
- **Discussions** โ GitHub Discussions
- **Security Questions** โ [security@anti-hacking.local](mailto:security@anti-hacking.local)
---
## ๐ Contributors
Maintained by security practitioners. See [CONTRIBUTORS.md](CONTRIBUTORS.md) for the full list.
---
**Last Updated:** 2026-05-14
**Version:** 0.1.0 (initial)
**Status:** Active Development