This PR adds two new rules:
Yum Package Manager Plugin File Creation
Detects plugin creations in Yum plugin directories, which can be abused for persistence. Only TPs in my stack, 0 FPs in telemetry last 90d.
Yum Plugin Status Discovery
Detects the usage of grep to check whether plugins are enabled in the yum configuration. Only TPs in my stack, running Metasploit modules / my own tool & 0 FPs in telemetry last 90d.
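A minimal sketch of the two detections described in this PR, as an added example that is not the PR's rule logic. The event field names, the plugin directories (`/usr/lib/yum-plugins`, `/etc/yum/pluginconf.d`), the `/etc/yum.conf` path and the package-tool exclusion are assumptions, and the sample events are constructed.

```python
import posixpath

# Assumptions (not taken from the PR): stock yum plugin locations and config path.
PLUGIN_DIRS = ("/usr/lib/yum-plugins", "/etc/yum/pluginconf.d")
YUM_CONF = "/etc/yum.conf"
# Assumption: package tooling legitimately writes plugin files during installs.
PACKAGE_TOOLS = {"yum", "dnf", "rpm"}
GREP_NAMES = {"grep", "egrep", "fgrep"}

FILE_RULE = "Yum Package Manager Plugin File Creation"
GREP_RULE = "Yum Plugin Status Discovery"


def in_plugin_dir(path):
    """True if the normalized path is a file below a yum plugin directory."""
    norm = posixpath.normpath(path)  # collapses "../" tricks before matching
    return any(norm.startswith(d + "/") for d in PLUGIN_DIRS)


def classify(event):
    """Return the name of the matching rule, or None."""
    if event.get("type") == "file_create":
        if in_plugin_dir(event.get("path", "")) and event.get("process") not in PACKAGE_TOOLS:
            return FILE_RULE
    elif event.get("type") == "process_start":
        args = event.get("args") or [""]
        if posixpath.basename(args[0]) in GREP_NAMES:
            reads_conf = any(posixpath.normpath(a) == YUM_CONF for a in args[1:])
            asks_plugins = any("plugins" in a for a in args[1:])
            if reads_conf and asks_plugins:
                return GREP_RULE
    return None


# Constructed sample events (hypothetical field names).
EVENTS = [
    {"type": "file_create", "path": "/usr/lib/yum-plugins/fastmirror.py", "process": "bash"},
    {"type": "file_create", "path": "/etc/yum/pluginconf.d/../pluginconf.d/x.conf", "process": "cp"},
    {"type": "file_create", "path": "/usr/lib/yum-plugins/langpacks.py", "process": "rpm"},
    {"type": "file_create", "path": "/usr/lib/yum-plugins-backup/a.py", "process": "bash"},
    {"type": "process_start", "args": ["/usr/bin/grep", "-c", "^plugins=1", "/etc/yum.conf"]},
    {"type": "process_start", "args": ["grep", "proxy", "/etc/yum.conf"]},
]


def run(events=EVENTS):
    """Classify each event; the result list is positionally aligned with the input."""
    return [classify(e) for e in events]
```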