Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Look for hidden directories #69

Closed
tclahr opened this issue Jul 4, 2022 Discussed in #67 · 1 comment
Closed

Look for hidden directories #69

tclahr opened this issue Jul 4, 2022 Discussed in #67 · 1 comment
Assignees
@tclahr
Labels
status: development In development phase type: artifact Improvements or additions to artifacts

Comments

@tclahr
Copy link
Owner

tclahr commented Jul 4, 2022

Discussed in #67

Originally posted by halpomeranz July 2, 2022
Outside of user home directories, directory names starting with "." are uncommon. But we'll often see attackers staging tools in directories like "/tmp/.ICEd-unix". How about adding a check to list hidden directories that are not in user profile directories?

find / -path /root -prune -o -path /home/\* -prune -o -type d -name .\* -print
@tclahr tclahr self-assigned this Jul 4, 2022
@tclahr tclahr added the type: artifact Improvements or additions to artifacts label Jul 4, 2022
@tclahr tclahr added the status: development In development phase label Jul 13, 2022
@tclahr
Copy link
Owner Author

tclahr commented Jul 15, 2022

Added an artifact that will list both hidden files and directories outside home dirs.

live_response/system/hidden_files_directories.yaml

Available in the develop branch.

@tclahr tclahr closed this as completed Jul 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tclahr tclahr

Labels
status: development In development phase type: artifact Improvements or additions to artifacts
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tclahr