Raccine Alternatives
Similar projects and alternatives to Raccine
-
Ransomware-Tarpit
Quick and dirty powershell script to generate random files when files within a monitored path are modified.
NOTE:
The number of mentions on this list indicates mentions on common posts plus user suggested alternatives.
Hence, a higher number means a better Raccine alternative or higher similarity.
Raccine reviews and mentions
Posts with mentions or reviews of Raccine.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-08-09.
-
Did anyone ever consider monitoring Windows server vss snapshot quotas for ransomware purposes?
Shout out to Raccine https://github.com/Neo23x0/Raccine
-
Security Cadence: Ransomware Part 2 - Actions on Objectives
However, a more useful control would be to detect the process responsible for deleting shadow copies and to kill it. There's a clever little utility for that called Raccine: https://github.com/Neo23x0/Raccine. Just note that if you have some sort of legitimate process that deletes shadow copies, Raccine will not discriminate in killing it. However, if you don't have anything preventing you from doing something like this, you can potentially kill a ransomware infection right at the start with a simple free utility. Neato.
-
BullWall Ransomcare
If you're looking at a ransomware-specific endpoint protection tool, consider Raccine. https://github.com/Neo23x0/Raccine
-
Alert for ransomware that bypassed endpoint protection
Back to your original question, assuming a conventional AD-centric Windows environment, I would recommend starting with AppLocker to whitelist approved apps and host-based firewall to whitelist approved connections, enable detailed PowerShell logging, monitor for east-west wmic/SMB/RDP connections (monitor at host level and at network level), and use a tool like RITA to detect beaconing activity. Also consider blocking DoH, retaining DNS logs, and if you don't have a well-tuned EDR/XDR and SIEM, deploy Sysmon and use WEF/WEC to centralize logs (SwiftOnSecurity and Olaf Hartong on GitHub have very good starting points for Sysmon configs and Microsoft's MSLab GitHub repo has a good scenario for testing Sysmon/WEF/WEC with alert recommendations from NSA and Palantir). If you have no centralized logging/analysis/alerting in place AND a managed solution like SecureWorks or a guided deployment of Defender are not realistic, consider starting with Security Onion. If your organization is in a critical infrastructure sector, you should definitely look into the risk and vulnerability assessment and no-cost cyber hygiene services offered by CISA (see https://www.cisa.gov/cyber-resource-hub). Also, have you considered testing/deploying Raccine? https://github.com/Neo23x0/Raccine
-
methodologies for detecting ransomware
checking for shadow volume copy deletion and certain other ransomware-specific commands (see, e.g., Raccine but beware that it is NOT a vaccine but a generic detection method, the name is really just wrong)
Stats
Basic Raccine repo stats
6
939
3.5
6 months ago
Neo23x0/Raccine is an open source project licensed under The Unlicense which is not an OSI approved license.
The primary programming language of Raccine is C++.