From f22d27b1a606cff5c9fbe9225939bc4f46954659 Mon Sep 17 00:00:00 2001
From: Thomas Stromberg
Date: Fri, 16 Feb 2024 17:23:23 -0500
Subject: [PATCH 1/2] fix Chrome merge conflict

---
 detection/persistence/unexpected-chrome-extensions.sql | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/detection/persistence/unexpected-chrome-extensions.sql b/detection/persistence/unexpected-chrome-extensions.sql
index cff9840..0c03ee0 100644
--- a/detection/persistence/unexpected-chrome-extensions.sql
+++ b/detection/persistence/unexpected-chrome-extensions.sql
@@ -143,9 +143,8 @@ WHERE
 'true,,Google Mail Checker,mihcahmgecmbnbcchbopgniflfhgnkff',
 'true,,Google Optimize,bhdplaindhdkiflmbfbciehdccfhegci',
 'true,,Google Play Books,mmimngoggfoobjdlefbcabngfnmieonb',
- << << << < HEAD 'true,,Grammarly: AI Writing and Grammar Checker App,kbfnbcaeplbcioakkpcpgfkobkghlhen',
- == == == = 'true,,Grammarly: AI Writing and Grammar Checker App,kbfnbcaeplbcioakkpcpgfkobkghlhen',
- >> >> >> > main 'true,,Grammarly: Grammar Checker and AI Writing App,kbfnbcaeplbcioakkpcpgfkobkghlhen',
+ 'true,,Grammarly: AI Writing and Grammar Checker App,kbfnbcaeplbcioakkpcpgfkobkghlhen',
+ 'true,,Grammarly: Grammar Checker and AI Writing App,kbfnbcaeplbcioakkpcpgfkobkghlhen',
 'true,,Grammarly: Grammar Checker and Writing App,kbfnbcaeplbcioakkpcpgfkobkghlhen',
 'true,,Gravit Designer,pdagghjnpkeagmlbilmjmclfhjeaapaa',
 'true,,HTTPS Everywhere,gcbommkclmclpchllfjekcdonpmejbdp',

From af07ef988882628e33f7f1e6a700bd48c6612b34 Mon Sep 17 00:00:00 2001
From: Thomas Stromberg
Date: Thu, 22 Feb 2024 11:48:53 -0500
Subject: [PATCH 2/2] Ignore taint code 4096 (out-of-tree driver)

---
 detection/evasion/unusually-tainted-kernel-linux.sql | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/detection/evasion/unusually-tainted-kernel-linux.sql b/detection/evasion/unusually-tainted-kernel-linux.sql
index c0a82cc..f7dae10 100644
--- a/detection/evasion/unusually-tainted-kernel-linux.sql
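Review bot: The two added lines and the context line right after them allowlist the same extension id, kbfnbcaeplbcioakkpcpgfkobkghlhen, under three different display names, which appears to be exactly what produced the conflict this hunk resolves and will recur the next time the extension is renamed. The stable part of each entry looks to be the id rather than the name; if the name has to stay in the match string, a comment above the first Grammarly entry would at least make the duplicates deliberate, e.g. `-- Grammarly renames its extension often; all entries below share one id`. The removed lines also show that the previous commit landed with formatter-mangled conflict markers (`<< << << < HEAD`, `== == == =`, `>> >> >> > main`) inside the allowlist, so a pre-commit check for conflict markers would have kept that out of the detection logic. The enclosing NOT IN list and WHERE clause begin before and end after this hunk.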
+++ b/detection/evasion/unusually-tainted-kernel-linux.sql
@@ -37,10 +37,11 @@ FROM
 ORDER BY km.name ASC
 )
+ -- 4096 is a signed, out of tree, open source driver
 -- 4097 is a signed, out of tree, proprietary driver
 -- 512 is a kernel warning
 WHERE
- taint NOT IN (0, 512, 4097)
+ taint NOT IN (0, 512, 4096, 4097)
 AND NOT (
 (
 -- 12289 is an unsigned, out of tree, proprietary