rabbitstack/fibratus
Adversary tradecraft detection, protection, and hunting
https://www.fibratus.io
2.21k stars, 189 forks
Issues
Issue | Title | Author | Status | Comments
#372 | chore(kcap): Persist process flags in capture | rabbitstack | opened 4 days ago | 0
#371 | fix(proc): Spurious conditions when querying process protection attributes | rabbitstack | opened 5 days ago | 0
#370 | fix(rules): Reduce `Unsigned DLL injection via remote thread` false p… | rabbitstack | closed 1 week ago | 0
#369 | fix(rules): Reduce `RID Hijacking` rule false positives | rabbitstack | closed 2 days ago | 0
#368 | feat(rules): New `Hidden local account creation` rule | rabbitstack | opened 1 week ago | 0
#367 | feat(rules): New `Potential injection via .NET debugging` rule | rabbitstack | opened 1 week ago | 0
#366 | fix(process): Solidify env var parsing | rabbitstack | closed 1 week ago | 0
#365 | chore: Cosmetic README change | rabbitstack | closed 1 week ago | 0
#364 | chore: Include rules section in the README | rabbitstack | closed 1 week ago | 0
#363 | chore: Update license copyright date | rabbitstack | closed 1 week ago | 0
#362 | feat(filter, proc): Process flags filter fields | rabbitstack | closed 1 week ago | 0
#361 | chore: Reorganize pull request template | rabbitstack | closed 1 week ago | 0
#360 | fix(ci,linter): Increment linter timeout | rabbitstack | closed 1 week ago | 0
#359 | chore(rules): Reformat rule conditions | rabbitstack | closed 1 week ago | 0
#358 | feat(rules): New `.NET assembly loaded by unmanaged process` rule | rabbitstack | closed 1 week ago | 0
#357 | feat(rules): New `AppDomain Manager injection via CLR search order hijacking` rule | rabbitstack | closed 1 week ago | 0
#356 | fix(eventsource,etw): Correct file object lookup misses expvar | rabbitstack | closed 3 days ago | 0
#355 | chore(alertsenders): Generate message compiler input file | rabbitstack | opened 1 week ago | 0
#354 | chore(rules): Replace deprecated filter field | rabbitstack | closed 1 week ago | 0
#353 | chore(cli): Surface missing labels in rules validation subcommand | rabbitstack | closed 3 days ago | 0
#352 | fix(processors, pe): Improve NTFS parser error handling | rabbitstack | closed 3 days ago | 0
#351 | chore(deps): Bump `www.velocidex.com/golang/go-ntfs` to latest version | rabbitstack | opened 1 week ago | 0
#350 | chore(deps, pe): Bump `saferwall/pe` from 1.4.4 to 1.5.4 | rabbitstack | closed 3 days ago | 0
#349 | fix(rules): Correct usage of not operator on bool fields | rabbitstack | closed 6 days ago | 0
#348 | refactor(alertsenders/mail): Move template rendering to sender | rabbitstack | closed 1 week ago | 0
#347 | feat(filter): Add `image.is_dotnet` filter field | rabbitstack | closed 2 weeks ago | 0
#346 | fix(tests): Revive event sequencer tests | rabbitstack | closed 2 weeks ago | 0
#345 | fix(tests): Correct expected test binary in the stack frame | rabbitstack | closed 2 weeks ago | 0
#344 | chore(linter): Introduce gofmt linter | rabbitstack | closed 2 weeks ago | 0
#343 | fix(config): Prevent loading malformed yaml | rabbitstack | closed 2 days ago | 0
#342 | refactor(etw): Merge controller and consumer components | rabbitstack | closed 2 weeks ago | 0
#341 | refactor(filter,rules): Deprecate pe.ps.child.file.name field | rabbitstack | closed 3 weeks ago | 0
#340 | feat(alertsenders/eventlog): Introduce verbose mode | rabbitstack | closed 3 weeks ago | 0
#339 | chore(alertsenders): Add alert identifier | rabbitstack | closed 3 weeks ago | 0
#338 | chore: Improve contributing guidelines | rabbitstack | closed 3 weeks ago | 0
#337 | feat(alertsender): Introduce eventlog alertsender | N0vaSky | closed 3 weeks ago | 0
#336 | feat(event): Augment process events with process flags | rabbitstack | closed 3 weeks ago | 2
#334 | feat(filter): Introduce TEB filter field | rabbitstack | opened 1 month ago | 0
#333 | chore: Remove support template | rabbitstack | closed 1 month ago | 0
#332 | chore: Introduce issues templates | rabbitstack | closed 1 month ago | 0
#331 | chore: Polish pull request template | rabbitstack | closed 1 month ago | 0
#330 | refactor(event,filter): Rename thread entrypoint parameter | rabbitstack | closed 4 weeks ago | 0
#329 | chore(ci): Restructure pull request template | rabbitstack | closed 1 month ago | 0
#328 | (fix) Enable capturing memory events when Yara scanning is enabled | TheAwakener | closed 1 month ago | 1
#327 | Rules engine prevents VirtualAlloc events propagation | TheAwakener | opened 1 month ago | 4
#326 | ci(workflows): Enforce conventional semantic PR titles | rabbitstack | closed 1 month ago | 0
#325 | chore: Introduce pull request template | rabbitstack | closed 1 month ago | 0
#324 | feat(yara): Adding yara scan trigger for PAGE_EXECUTE_READWRITE allocations | TheAwakener | closed 1 month ago | 14
#323 | ci(workflows): Address `set-output` deprecation | rabbitstack | closed 1 month ago | 0
#322 | docs: Increment release version | rabbitstack | closed 1 month ago | 0