RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2024-12-15 18:44:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
dc154a6199
osquery-defense-kit/detection
History
Thomas Stromberg dc154a6199
FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave
2023-01-20 09:04:00 -05:00
..
c2 FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave 2023-01-20 09:04:00 -05:00
collection False positives: apt-daily, github runner, Slack helper, Foxit, syncthing 2023-01-19 11:52:31 -05:00
credentials FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave 2023-01-20 09:04:00 -05:00
discovery Less false positives: particularly among systemctl calls 2023-01-20 08:40:08 -05:00
evasion FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave 2023-01-20 09:04:00 -05:00
execution FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave 2023-01-20 09:04:00 -05:00
exfil FP removal: Selenium, PolKit helper, gephi, docker-credential-gcloud, firejail, etc 2023-01-16 12:56:39 -05:00
impact Filter out new false positives 2023-01-13 15:24:18 -05:00
initial_access FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave 2023-01-20 09:04:00 -05:00
persistence FPR: Meta Pixel Helper, systemctl, pia-daemon, 1Passwd, iTerm, Brave 2023-01-20 09:04:00 -05:00
privesc False positives: homekit, setxid overflows, buildx, tmp files 2023-01-18 10:57:43 -05:00