Author | Commit | Message | Date
Thomas Stromberg | d0e73093ae | Use correct column name | 2023-09-20 08:07:57 -04:00
Thomas Stromberg | 4e820ae59e | Improve FDM/cred theft detection | 2023-09-20 08:03:25 -04:00
Thomas Strömberg | ddb37c066a | Merge pull request #310 from tstromberg/fpr-sep18 (unexpected talker events: address easy false positives) | 2023-09-19 17:48:09 -04:00
Thomas Strömberg | e958c9f2ac | Merge pull request #311 from tstromberg/hidden-cwd-events (new check: hidden cwd events) | 2023-09-19 17:48:01 -04:00
Thomas Stromberg | bfdc509243 | new check: hidden cwd events | 2023-09-19 17:18:35 -04:00
Thomas Stromberg | f656aef8be | unexpected talker events: address easy false positives | 2023-09-19 17:17:58 -04:00
Thomas Strömberg | 41eb8f2a0f | Merge pull request #309 from tstromberg/fpr-sep18 (new check: Unexpected talker events) | 2023-09-19 15:59:06 -04:00
Thomas Stromberg | 9722d9f156 | new check: Unexpected talker events | 2023-09-19 15:57:21 -04:00
Thomas Strömberg | 4abe0fa6da | Merge pull request #308 from tstromberg/lusca (More checks for unusual process names inspired by Earth Lusca) | 2023-09-18 14:27:09 -04:00
Thomas Stromberg | cf175ec48d | More checks for unusual process names inspired by Earth Lusca | 2023-09-18 14:14:40 -04:00
Thomas Strömberg | 9963a4e3c6 | Merge pull request #307 from tstromberg/fpr-sep14 (fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell) | 2023-09-14 17:16:30 -04:00
Thomas Strömberg | 6adfb1d109 | Merge pull request #304 from tstromberg/infostealerz (Add primitive name-based detection for possible InfoStealers) | 2023-09-14 17:14:07 -04:00
Thomas Stromberg | f16c3cdf53 | fpr: sourcegraph, nginx, factorio, fan control, emacs, nushell | 2023-09-14 17:13:12 -04:00
Thomas Strömberg | e97f2fd344 | Merge pull request #306 from tstromberg/apt36-desktop (Improve base64/crontab detection) | 2023-09-14 16:43:47 -04:00
Thomas Stromberg | a041305145 | Improve base64/crontab detection | 2023-09-14 16:39:35 -04:00
Thomas Strömberg | a9eba00fb6 | Merge pull request #305 from tstromberg/acrobat-reader (Detect vulnerable versions of Acrobat Reader) | 2023-09-14 16:37:45 -04:00
Thomas Stromberg | 961a673a52 | Detect vulnerable versions of Acrobat Reader | 2023-09-14 16:30:05 -04:00
Thomas Stromberg | e2d6fa58a7 | Add primitive name-based detection for possible InfoStealers | 2023-09-12 10:19:22 -04:00
Thomas Strömberg | b93654a9c9 | Merge pull request #303 from tstromberg/faster-chmod-detection (Improve unexpected-chmod-exec-event performance) | 2023-09-05 12:42:08 -04:00
Thomas Stromberg | f17381eaa3 | Improve unexpected-chmod-exec-event performance | 2023-09-05 12:14:47 -04:00
Thomas Strömberg | 62d3dfb15b | Merge pull request #302 from tstromberg/fpr-sep1 (False positive flush for common issues seen in August) | 2023-09-01 17:36:06 -04:00
Thomas Stromberg | 190e8adcfd | Merge to master | 2023-09-01 17:34:36 -04:00
Thomas Stromberg | b889cde6d5 | Additional fixes for Ventura & Capture One | 2023-09-01 17:27:27 -04:00
Thomas Stromberg | 84125c4bb1 | Remove recently common false positives | 2023-09-01 17:09:47 -04:00
Thomas Strömberg | 7ec9de294c | Merge pull request #301 from tstromberg/fpr-aug15 (FPR: Fortinet, Epic Games, latest Ubuntu, Keybase, Loom) | 2023-08-15 18:31:43 -04:00
Thomas Stromberg | 188bc78f4c | Fix errors | 2023-08-15 18:29:27 -04:00
Thomas Stromberg | dce2eb2af5 | Add many exceptions | 2023-08-15 18:13:06 -04:00
Thomas Strömberg | d49d9487de | Merge pull request #300 from tstromberg/fpr-jul20 (fpr: Keybase, grype, UpdateBrainService, OpenOffice, sqlproxy) | 2023-07-20 10:57:12 -04:00
Thomas Stromberg | ce2f0f06cb | fpr: Keybase, grype, UpdateBrainService, OpenOffice, sqlproxy | 2023-07-20 10:56:49 -04:00
Thomas Strömberg | f7444b8477 | Merge pull request #299 from tstromberg/fpr-jul19 (fpr: nvidia drivers, su, agetty, crystalhd, hercules, etc) | 2023-07-19 15:24:36 -04:00
Thomas Stromberg | 921cdc521e | fpr: nvidia drivers, su, agetty, crystalhd, hercules, etc | 2023-07-19 15:22:43 -04:00
Thomas Strömberg | 931ef2ab15 | Merge pull request #298 from tstromberg/fpr-jul13 (fpr: Revolt, Bearly, user executables, melange) | 2023-07-13 19:51:32 -04:00
Thomas Stromberg | 485f69a61c | fpr: Revolt, Bearly, user executables, melange | 2023-07-13 19:43:35 -04:00
Thomas Strömberg | 82cd9bc7ff | Merge pull request #297 from tstromberg/fpr-jul12 (fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc) | 2023-07-12 19:44:17 -04:00
Thomas Stromberg | d310dac7cc | Fix velociraptor exception | 2023-07-12 19:30:05 -04:00
Thomas Stromberg | 870ea132ee | Decrease search depth for performance | 2023-07-12 19:29:48 -04:00
Thomas Stromberg | b22625d38a | Add more velociraptor exceptions | 2023-07-12 17:42:02 -04:00
Thomas Stromberg | 979cef837b | fix missing comma | 2023-07-12 17:40:06 -04:00
Thomas Stromberg | a0e4183bf4 | fpr: Velociraptor, nessus, kandji, java, SteelSeries, etc | 2023-07-12 17:38:26 -04:00
Thomas Strömberg | 656df2055e | Merge pull request #296 from tstromberg/process-ext (Add rustbucket comment) | 2023-07-12 16:46:24 -04:00
Thomas Stromberg | 6acc441dcf | Add rustbucket comment | 2023-07-12 16:46:00 -04:00
Thomas Strömberg | 6182f2957e | Merge pull request #295 from tstromberg/process-ext (netutil calls: add nscurl) | 2023-07-12 16:45:49 -04:00
Thomas Stromberg | 8e73ef70d2 | netutil calls: add nscurl | 2023-07-12 16:45:09 -04:00
Thomas Strömberg | edbe3fa1f6 | Merge pull request #294 from tstromberg/process-ext (macOS sysutils: add csrutil, ditto, unzip, whoami, system_profiler) | 2023-07-12 16:44:50 -04:00
Thomas Stromberg | bb5f597b2a | macOS sysutils: add csrutil, ditto, unzip, whoami, system_profiler | 2023-07-12 16:44:15 -04:00
Thomas Strömberg | 46199c7d9b | Merge pull request #293 from tstromberg/process-ext (new detector: unexpected process extension linux) | 2023-07-12 16:28:47 -04:00
Thomas Stromberg | a7cd9abaf3 | new detector: unexpected process extension linux | 2023-07-12 16:06:05 -04:00
Thomas Strömberg | a34a3dc2e2 | Merge pull request #292 from tstromberg/fpr-velociraptor (fpr: Velociraptor, Hyprland, iio) | 2023-07-12 16:02:42 -04:00
Thomas Stromberg | 430f397f1e | fpr: Velociraptor, Hyprland, iio | 2023-07-12 15:00:36 -04:00
Thomas Strömberg | 3a0902b04b | Merge pull request #291 from tstromberg/chrome-management-perms (unexpected chrome extension: Check for 'management' permission) | 2023-07-05 12:49:28 -04:00