infosecB/LOOBins issues and pull requests

#209 - bump to version 1.7.2

Pull Request - State: closed - Opened by infosecB about 1 month ago

#208 - Adding Sigma rules and references to tmutil.yml

Pull Request - State: closed - Opened by DefenderDaniel about 1 month ago

#207 - Adding Sigma detection and resource link to pbpaste.yml

Pull Request - State: closed - Opened by DefenderDaniel about 1 month ago

#206 - Adding Sigma Detection to nscurl.yml

Pull Request - State: closed - Opened by DefenderDaniel about 1 month ago

#205 - bump to 1.7.1

Pull Request - State: closed - Opened by infosecB about 2 months ago

#204 - Fix job name, deploy

Pull Request - State: closed - Opened by infosecB about 2 months ago

#203 - add poetry version bump

Pull Request - State: closed - Opened by infosecB about 2 months ago

#202 - use PAT instead of github_token for tagging

Pull Request - State: closed - Opened by infosecB 2 months ago

#201 - Jamf Protect: Linking additional LOOBins to Jamf Protect

Pull Request - State: closed - Opened by txhaflaire 2 months ago - 2 comments

#200 - Adding initial version of the `codesign` loobin

Pull Request - State: closed - Opened by txhaflaire 2 months ago

#199 - Add another example for the `log` loobin

Pull Request - State: closed - Opened by txhaflaire 2 months ago

#198 - add bump action

Pull Request - State: closed - Opened by infosecB 2 months ago

#197 - Update defaults

Pull Request - State: closed - Opened by demonduck 2 months ago

#196 - Adding chflags command

Pull Request - State: closed - Opened by demonduck 2 months ago - 1 comment

#195 - Add LOOBin for chflags

Issue - State: closed - Opened by demonduck 2 months ago

#194 - Add detections that are applicable with Jamf Protect

Pull Request - State: closed - Opened by txhaflaire 2 months ago - 2 comments

#193 - Add LOOBin for streamzip

Issue - State: closed - Opened by 0xv1n 3 months ago

#192 - Adds LOOBin for streamzip

Pull Request - State: closed - Opened by 0xv1n 3 months ago - 2 comments

#191 - bump to version 1.7

Pull Request - State: closed - Opened by infosecB 4 months ago

#190 - fix: Broken links to Check Point research

Pull Request - State: closed - Opened by 0xv1n 4 months ago - 1 comment

#189 - New use cases for launchctl, dscl, csrutil

Pull Request - State: closed - Opened by marcopedrinazzi 4 months ago - 1 comment

#188 - Updated dscacheutil with 2 new use cases, fix descriptions of previous use cases

Pull Request - State: closed - Opened by marcopedrinazzi 4 months ago

#187 - Add LOOBin for lsappinfo

Issue - State: open - Opened by infosecB 5 months ago

#186 - bump to version 1.6

Pull Request - State: closed - Opened by infosecB 6 months ago

#185 - Update defaults

Pull Request - State: closed - Opened by infosecB 6 months ago

#184 - Updated YAML file for nscurl

Pull Request - State: closed - Opened by DefenderDaniel 6 months ago - 1 comment

#183 - Update detection for ioreg.yml

Pull Request - State: closed - Opened by pratinavchandra 6 months ago - 1 comment

#182 - Update detection for system_profiler.yml

Pull Request - State: closed - Opened by pratinavchandra 6 months ago

#181 - Change dscl

Pull Request - State: closed - Opened by Res260 8 months ago

#180 - Fix test ci

Pull Request - State: closed - Opened by infosecB 9 months ago

#177 - Add version argument to cli

Pull Request - State: closed - Opened by infosecB 9 months ago

#176 - Add event samples to LOOBin schema

Issue - State: open - Opened by infosecB 9 months ago

#175 - Migrate to Pydantic v2

Pull Request - State: closed - Opened by infosecB 9 months ago

#174 - bump to version 1.4.3

Pull Request - State: closed - Opened by infosecB 9 months ago

#173 - Formatting and spelling fixes

Pull Request - State: closed - Opened by infosecB 9 months ago

#171 - bump to 1.4.2

Pull Request - State: closed - Opened by infosecB 9 months ago

#170 - Add swift

Pull Request - State: closed - Opened by 0v3rride 9 months ago - 1 comment

#169 - Add LOOBin for swift

Issue - State: closed - Opened by 0v3rride 10 months ago

#168 - killall.yml

Pull Request - State: closed - Opened by Uptycs-PratikJ 10 months ago - 1 comment

#167 - Change tactics in osacompile

Pull Request - State: closed - Opened by Res260 10 months ago - 1 comment

#166 - Bump v1.4.1

Pull Request - State: closed - Opened by infosecB 11 months ago

#165 - Rename say extension

Pull Request - State: closed - Opened by infosecB 11 months ago

#164 - Bump to v1.4

Pull Request - State: closed - Opened by infosecB 11 months ago

#163 - Adding Say command

Pull Request - State: closed - Opened by pinarsadioglu 11 months ago - 1 comment

#162 - Add LOOBin for Say

Issue - State: closed - Opened by pinarsadioglu 11 months ago

#161 - Change several mentions of reconnaissance to discovery

Pull Request - State: closed - Opened by Res260 11 months ago

#160 - Add the "Defense Evasion" tactic to ssh-keygen

Pull Request - State: closed - Opened by Res260 11 months ago

#159 - Add the "Defense Evasion" tactic to caffeinate

Pull Request - State: closed - Opened by Res260 11 months ago

#158 - Remove the "Execution" tactic from 4 LOOBins

Pull Request - State: closed - Opened by Res260 11 months ago - 1 comment

#157 - Bump to version 1.3

Pull Request - State: closed - Opened by infosecB 12 months ago

#156 - Remove "Privilege Escalation" tactic from "xattr".

Pull Request - State: closed - Opened by Res260 12 months ago

#155 - Add "Defense Evasion" to tactics of the Ditto LOOBin

Pull Request - State: closed - Opened by Res260 12 months ago - 1 comment

#154 - Add YAML file for binary sfltool

Pull Request - State: closed - Opened by Koyiott about 1 year ago

#153 - Add YAML file for binary sw_vers

Pull Request - State: closed - Opened by Koyiott about 1 year ago - 1 comment

#152 - Adding systemsetup

Pull Request - State: closed - Opened by cyberbuff about 1 year ago - 1 comment

#151 - Bump to v1.2.0

Pull Request - State: closed - Opened by infosecB about 1 year ago

#150 - Add LOOBins for dscacheutil, dsconfigad and odutil

Pull Request - State: closed - Opened by ethan-nay about 1 year ago - 1 comment

#149 - Add LOOBin for dshelperplugin

Issue - State: open - Opened by infosecB about 1 year ago
Labels: help wanted

#148 - ioreg fix spelling errors

Pull Request - State: closed - Opened by infosecB about 1 year ago

#147 - Add YAML file for binary kextstat

Pull Request - State: closed - Opened by MarkMorow about 1 year ago - 1 comment

#146 - add workflow dispatch trigger

Pull Request - State: closed - Opened by infosecB about 1 year ago

#145 - 144 create build ci workflow

Pull Request - State: closed - Opened by infosecB about 1 year ago

#144 - Create build ci workflow

Issue - State: closed - Opened by infosecB about 1 year ago

#143 - Add LOOBin for security_authtrampoline

Issue - State: open - Opened by infosecB about 1 year ago - 2 comments

#142 - Spelling error: ioreg use case #2

Issue - State: closed - Opened by infosecB about 1 year ago
Labels: bug

#141 - Add LOOBin for sw_vers

Issue - State: closed - Opened by infosecB about 1 year ago
Labels: help wanted

#140 - Add LOOBins for caffeinate, system_profiler

Pull Request - State: closed - Opened by ethan-nay about 1 year ago - 1 comment

#139 - Add LOOBin for sandbox-exec

Issue - State: closed - Opened by infosecB over 1 year ago

#138 - Bump to v1.1

Pull Request - State: closed - Opened by infosecB over 1 year ago

#137 - Add mktemp

Pull Request - State: closed - Opened by bobby-tablez over 1 year ago - 1 comment

#136 - Add YAML file for scutil

Pull Request - State: closed - Opened by ethan-nay over 1 year ago - 1 comment

#135 - Add LOOBin for log

Pull Request - State: closed - Opened by infosecB over 1 year ago

#134 - feat: add mdls LOOBin data

Pull Request - State: closed - Opened by shellcromancer over 1 year ago - 1 comment

#133 - Update mdfind, dns-sd

Pull Request - State: closed - Opened by infosecB over 1 year ago

#132 - Add LOOBin for launchctl

Pull Request - State: closed - Opened by caffeinatedJAC over 1 year ago - 1 comment

#131 - Update dns-sd, mdfind

Issue - State: closed - Opened by infosecB over 1 year ago

#130 - Add LOOBin for nc

Issue - State: closed - Opened by infosecB over 1 year ago - 1 comment

#129 - Readme cleanup

Pull Request - State: closed - Opened by infosecB over 1 year ago

#128 - Release prep

Pull Request - State: closed - Opened by infosecB over 1 year ago

#127 - Minor edits

Pull Request - State: closed - Opened by infosecB over 1 year ago

#126 - Multiple loobins, readme updates, gitci tweaks

Pull Request - State: closed - Opened by infosecB over 1 year ago

#125 - Fix PyLOOBins LOOBins site dir path definition

Pull Request - State: closed - Opened by infosecB over 1 year ago

#124 - Fix PyLOOBins LOOBins site dir path definition

Issue - State: closed - Opened by infosecB over 1 year ago
Labels: bug

#123 - Update CONTRIBUTING.md

Pull Request - State: closed - Opened by MarkMorow over 1 year ago - 1 comment

#122 - Add LOOBin for nscurl & ssh-keygen

Pull Request - State: closed - Opened by D00MFist over 1 year ago - 1 comment

#121 - Add LOOBin for spctl

Issue - State: closed - Opened by infosecB over 1 year ago

#120 - Add hdiutil.yml

Pull Request - State: closed - Opened by MarkMorow over 1 year ago - 1 comment

#119 - bump version

Pull Request - State: closed - Opened by infosecB over 1 year ago

#118 - Fix validate def arg

Pull Request - State: closed - Opened by infosecB over 1 year ago

#117 - Fix validate_loobin_schema action

Pull Request - State: closed - Opened by infosecB over 1 year ago

#116 - Add LOOBin for safaridriver

Pull Request - State: closed - Opened by infosecB over 1 year ago

#115 - Update cli docs

Pull Request - State: closed - Opened by infosecB over 1 year ago

#114 - Multiple pyloobin fixes / updates

Pull Request - State: closed - Opened by infosecB over 1 year ago

#113 - Add LOOBin for dns-sd

Pull Request - State: closed - Opened by infosecB over 1 year ago

#112 - Add LOOBin for tclsh

Pull Request - State: closed - Opened by infosecB over 1 year ago

#111 - Add LOOBin for profiles

Pull Request - State: closed - Opened by Will03 over 1 year ago - 1 comment

#110 - Add LOOBin for ssh-keygen

Issue - State: closed - Opened by infosecB over 1 year ago - 1 comment

#109 - Add LOOBin for tclsh

Issue - State: closed - Opened by infosecB over 1 year ago
Labels: help wanted

#108 - csrutil

Pull Request - State: closed - Opened by megancarney over 1 year ago - 1 comment

#107 - Add LOOBin for lsregister

Pull Request - State: closed - Opened by infosecB over 1 year ago

GitHub / infosecB/LOOBins issues and pull requests