-
We currently give gdb (which uses ptrace) as an example to trigger the Anti Debugging rule. This example doesn't represent the real use of Tracee to detect attacks and we should replace it with a real…
-
https://attack.mitre.org/resources/updates/updates-april-2023/index.html
### New Techniques
- [x] #753
- [x] #754
- not obviously relevant:
- [x] Unsecured Credentials: [Chat Messages](ht…
-
By using symlinks attackers can potentially bypass Falco rules. This is because in our drivers, we take data from syscall arguments and by doing so, we implicitly trust something that is coming from u…
-
# Daily Security News (2023-07-20)
- HackerOne Hacker Activity
- [ ] [Bypass for forced re-authentication upon biometrics change](https://hackerone.com/reports/1929915)
- [ ] [heap-buffer-overflow in gc_writeb…
-
# Daily Security News (2023-06-24)
- HackerOne Hacker Activity
- [ ] [Ability to join an arbitrary workspace by utilizing a proxy to manipulate invite links](https://hackerone.com/reports/1716016)
- [ ] [Exter…
-
### Verified issue does not already exist?
I have searched and found no existing issue
### What error did you receive?
Using any commands on powershell_ise.exe loads up dbatools.dat which CB is blo…
-
I would like to add a command that lists out the TTP names according to computers.
We only know the technique IDs, so we need to look up the names from https://github.com/mitre/cti/blob/master/enterpris…
-
# Daily Security News (2023-07-13)
- Security Boulevard
- [ ] [NETSCOUT Uses Machine Learning to Help Thwart DDoS Attacks](https://securityboulevard.com/2023/07/netscout-uses-machine-learning-to-help-thwart-ddos…
-
This issue is for tracking the development of a more generic and robust solution to detect the classic "drop an implant and execute it" TTP, called "drop+exec". In addition, perform threat modeling not…
-
In the Plan table, Fileless attack detection is listed as not included in Plan 1.
However, since Plan 1 includes EDR, Fileless attack detection is included as part of the EDR technology accord…