HACKING
General:
* doc/* exists for a reason
* Cross link to related issues as https://github.com/timb-machine/linux-malware/issues/<N> in industry references
* Issue template can be found as .github/ISSUE_TEMPLATE/intel.yml
* Current intel workflow is something like:
* src/tools/sync-issues.sh "updated:>=2022-04-25"
* src/tools/generate-README.md.py
* src/tools/generate-ATT&CK.md.py
* src/tools/retrieve-articles.sh
* src/tools/intel-lint.sh
* src/tools/analyse-articles.pl
* src/tools/sync-issues.sh "updated:>=2022-04-25"
* Current binary workflow is something like:
* src/tools/unpack-binaries.sh
* src/tools/scan-binaries.sh
* src/tools/triage-binary.sh <binary name>
* src/tools/binary-lint.sh
Commits:
* Automated commits from the workflow should take the form "Updated <YYYYMMDD>[.<N>]"
  unless they relate to:
* Articles - "Added crudely archived articles"
* Code - "Added referenced ... as submodules"
* src & docs - "Added <path> to ..." and "Updated <path> to ..."
Tags:
* location: - Industry reference > Location
* vertical: - Industry reference > Vertical
* attack: - Industry reference > ATT&CK technique
* uses: - Industry reference >
* ksh93
* Go
* JavaScript
* ElectronJS
* Python
* Perl
* SHC
* CrossCompile
* Non-persistantStorage
* RedirectionToNull
* ProcessTreeSpoofing
* ProcessTreeSpoofingBindMountProc
* BPF
* eBPF
* DTrace
* Auditd
* LD_PRELOAD
* LKM
* PortHiding
* k8s
* delivery: - Industry reference > Delivery
* PyPI
* NPM
* wltm - Malware reference > Binary wanted
Labels:
* new - on initial submission
* confirmed - vetted and issue cleaned up
* duplicate - duplicate finding
* deprecated - dummy issue
* enhancement - idea to improve the data
* ignore:malware - not really a specific piece of malware
* ignore:submodule - not really a specific offensive or defensive tool
* missing:classification - intel not classified
* missing:malware - sample not present
* missing:submodule - offensive or defensive tool not present
* missing:tactics - tactics not defined
* missing:tag: - industry reference not present, this can be any uses:/delivery: tag
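The tag and label vocabulary above is what src/tools/intel-lint.sh polices. The following is an added example of such a consistency check, not the project's own linter: it assumes tags are applied as GitHub labels of the form "<prefix>:<value>" (e.g. "uses:LD_PRELOAD", "attack:T1014", "delivery:PyPI") next to the workflow labels, that the new/confirmed/duplicate/deprecated labels are mutually exclusive, that an issue carries either an attack: tag or missing:tactics but not both, and that the suffix of a "missing:tag:" label names one of the uses:/delivery: tags listed. The sample label sets are constructed for illustration.

```python
"""Label-consistency lint for an intel issue.

Added example, not src/tools/intel-lint.sh. The rules are inferred from the
label descriptions in HACKING and are assumptions, not the project's policy.
"""

# uses:/delivery: vocabulary as listed in HACKING; anything else is flagged.
USES_VOCAB = {
    "ksh93", "Go", "JavaScript", "ElectronJS", "Python", "Perl", "SHC",
    "CrossCompile", "Non-persistantStorage", "RedirectionToNull",
    "ProcessTreeSpoofing", "ProcessTreeSpoofingBindMountProc", "BPF", "eBPF",
    "DTrace", "Auditd", "LD_PRELOAD", "LKM", "PortHiding", "k8s",
}
DELIVERY_VOCAB = {"PyPI", "NPM"}
# Assumption: an issue is in exactly one of these states at a time.
STATE_LABELS = {"new", "confirmed", "duplicate", "deprecated"}
MISSING_VOCAB = {"classification", "malware", "submodule", "tactics"}


def known_tag(tag):
    """True if tag is a listed uses:/delivery: tag such as 'uses:eBPF'."""
    prefix, _, value = tag.partition(":")
    if prefix == "uses":
        return value in USES_VOCAB
    if prefix == "delivery":
        return value in DELIVERY_VOCAB
    return False


def lint_labels(labels):
    """Return a sorted list of findings; an empty list means the labels are consistent."""
    findings = []
    prefixed = {}   # "uses" -> ["LD_PRELOAD", ...], "attack" -> ["T1014"], ...
    bare = set()    # labels without a prefix: new, confirmed, wltm, ...

    for label in labels:
        if label.startswith("missing:tag:"):
            # Assumption: the suffix is the uses:/delivery: tag that lacks a reference.
            if not known_tag(label[len("missing:tag:"):]):
                findings.append(f"{label}: suffix is not a listed uses:/delivery: tag")
            continue
        prefix, sep, value = label.partition(":")
        if sep:
            prefixed.setdefault(prefix, []).append(value)
        else:
            bare.add(label)

    states = sorted(bare & STATE_LABELS)
    if len(states) != 1:
        findings.append(f"expected exactly one state label, got {states}")

    for value in prefixed.get("uses", []):
        if value not in USES_VOCAB:
            findings.append(f"uses:{value}: not a listed uses: tag")
    for value in prefixed.get("delivery", []):
        if value not in DELIVERY_VOCAB:
            findings.append(f"delivery:{value}: not a listed delivery: tag")
    for value in prefixed.get("missing", []):
        if value not in MISSING_VOCAB:
            findings.append(f"missing:{value}: not a listed missing: label")

    # Tactics are either classified (attack:<technique>) or flagged as missing, never both.
    has_attack = bool(prefixed.get("attack"))
    has_missing_tactics = "tactics" in prefixed.get("missing", [])
    if has_attack == has_missing_tactics:
        findings.append("expected exactly one of attack:<technique> or missing:tactics")

    return sorted(findings)


if __name__ == "__main__":
    # Constructed label set for a hypothetical issue; not a real issue from the tracker.
    sample = ["new", "confirmed", "uses:ld_preload", "missing:tag:uses:Rust"]
    for finding in lint_labels(sample):
        print(finding)
```

Run it over the label list fetched for an issue (for example from `gh issue view <N> --json labels`) before moving the issue from new to confirmed; each finding names the label that needs fixing.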