jymcheong / OpenEDR

Renamed to Free EDR to avoid confusion with Comodo's project

https://edr.sg

GNU General Public License v3.0

22 stars 8 forks source link

Integrating Command-line data from https://lolbas-project.github.io #7

Closed jymcheong closed 3 years ago

jymcheong commented 4 years ago

What & Why

EXE/DLL with undesirable file-ownership are blocked
Expect more Living-off-the-Land techniques aka Abusing System-Tools
LOLBAS project has comprehensive set
Existing CommandLineCluster (CLC) class that tracks first-sighting

How

Example: https://lolbas-project.github.io/lolbas/Binaries/At/#execute

Import into CLC with a score to denote known-bad.

jymcheong commented 3 years ago

tested YML Commands ingestion with https://github.com/jymcheong/OpenEDR/compare/dev#diff-a76333f2f3d0119d3e36546b87f552caff46c3ec69793e9fdc56aba9eac64e6d

jymcheong commented 3 years ago

incorporated LOLBAS data-set @ https://github.com/jymcheong/OpenEDR/commit/f1a184b916edba43891d98b595b838169d4f09c8