
A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.

Update: scripting definition file #58

Open pmichaudrc opened 2 years ago

pmichaudrc commented 2 years ago

Which category is the feature part of?

Use Cases

Proposal: Update the contents of the scripting definition file.

Additional context: Add any other context or screenshots about the feature request here.

rc-abodkins commented 2 years ago

Updates from when this was worked on in August 2021.

{
    "AutoIt": { 
        "process_name": ["autoit.exe"]
    },
    "Powershell": { 
        "process_name": ["powershell*.exe", "pwsh.exe", "posh.exe", "runscripthelper.exe"]
    },
    "PSExec": { 
        "process_name": ["psexec*.exe",
                         "psexesvc.exe"]
    },
    "Windows Shell": { 
        "process_name": ["cmd.exe"]
    },
    "WScript": { 
        "process_name": ["wscript.exe"]
    },
    "CScript": { 
        "process_name": ["cscript.exe"]
    },
    "Jscript":{
        "process_name": ["jscript.exe"]
    },
    "Python": { 
        "process_name": ["python*.exe"]
    },
    "Perl": { 
        "process_name": ["perl*.exe"]
    },
    "PHP":{
        "process_name":["php.exe", "php-cgi.exe"]
    },
    "mshta": {
        "process_name": ["mshta.exe"]
    }, 
    "hh":{
        "process_name": ["hh.exe"]
    }, 
    "Diskshadow": {
        "process_name":["diskshadow.exe"]
    }, 
    "CSC": {
        "process_name":["csc.exe"]
    }, 
    "msbuild":{
        "process_name":["msbuild.exe"]
    }, 
    "GPscript.exe":{
        "process_name":["gpscript.exe"]
    }, 
    "Windows Subsystem for Linux":{
        "process_name":["bash.exe"]
    }
}