
Add 10 file system-based persistence techniques #955

Conversation

jorik-utwente (Contributor)

Add 10 file system-based persistence techniques.

All rules have a reference to an online resource describing the technique.

This PR requires #952 to be merged.

@jorik-utwente jorik-utwente changed the title Add 10 file system based persistence techniques Add 10 file system-based persistence techniques Nov 5, 2024
@mr-tz mr-tz (Collaborator) left a comment

First off, sorry for the delay in getting to this. I've been busy but this is great work here and I'm excited for all these new capability detections! Please see my suggestions and comments for discussion inline.

Review comments were left on the following files:

nursery/persist-via-accessibility-tools-backdoor.yml
nursery/persist-via-browser-extension.yml
nursery/persist-via-host-software-binary-compromise.yml
nursery/persist-via-get-variable-hijack.yml
nursery/persist-via-iphlpapi-dll-hijack.yml
nursery/persist-via-startup-folder.yml
@mr-tz mr-tz (Collaborator) left a comment

Great, thanks a lot! I really appreciate all your updates, the discussions, and your proper git workflow!


mr-tz commented Dec 3, 2024

LGTM!
Leaving this open for 1-2 more days to give Mike and Willi a chance to chime in if they want.

@mike-hunhoff mike-hunhoff (Collaborator) left a comment

Great work, LGTM 🚀

@mr-tz mr-tz merged commit ed816a8 into mandiant:master Dec 3, 2024
3 checks passed
@williballenthin (Collaborator) commented

🎉
