RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-03-01 08:20:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
a655122eec
osquery-defense-kit/detection
History
Thomas Stromberg a655122eec
name path mismatch: only whitelist shells with same cmdlines
2023-02-17 10:47:49 -05:00
..
c2 fpr: ACE, Prusa, steam, pacman, Xcode, Adobe 2023-02-14 20:16:02 -05:00
collection fpr: ACE, Prusa, steam, pacman, Xcode, Adobe 2023-02-14 20:16:02 -05:00
credentials fpr: ACE, Prusa, steam, pacman, Xcode, Adobe 2023-02-14 20:16:02 -05:00
discovery fpr: Nessus, mysql-shell, ntia-checker, Ecamm, CopyClip, etc 2023-02-14 08:33:05 -05:00
evasion name path mismatch: only whitelist shells with same cmdlines 2023-02-17 10:47:49 -05:00
execution Look for setuid binaries in /usr/libexec too 2023-02-17 10:41:28 -05:00
exfil fpr: New Chrome etxensions, vbox, chrome, gcloud, gdm3, yay, etc 2023-01-30 14:58:47 -05:00
impact fpr: minikube, tailscale, dex, pacman, virtualbox, steam, lsmod, busybox, etc 2023-01-23 20:33:52 -05:00
initial_access fpr: ACE, Prusa, steam, pacman, Xcode, Adobe 2023-02-14 20:16:02 -05:00
persistence New detector: unexpected ssh-authorized-keys 2023-02-14 20:36:27 -05:00
privesc Linux events: decrease CPU usage of elevated children & execdir 2023-02-17 10:40:58 -05:00