Look for hidden directories #69

Closed
tclahr opened this issue Jul 4, 2022 Discussed in #67 · 1 comment
Labels: status: development (In development phase), type: artifact (Improvements or additions to artifacts)

Comments

Owner

tclahr commented Jul 4, 2022

Discussed in #67

Originally posted by halpomeranz July 2, 2022
Outside of user home directories, directory names starting with "." are uncommon. But we'll often see attackers staging tools in directories like "/tmp/.ICEd-unix". How about adding a check to list hidden directories that are not in user profile directories?

find / -path /root -prune -o -path /home/\* -prune -o -type d -name .\* -print

tclahr self-assigned this Jul 4, 2022
tclahr added the "type: artifact" (Improvements or additions to artifacts) label Jul 4, 2022
tclahr added the "status: development" (In development phase) label Jul 13, 2022
Owner Author

tclahr commented Jul 15, 2022

Added an artifact that will list both hidden files and directories outside home dirs.

live_response/system/hidden_files_directories.yaml

Available in the develop branch.

tclahr closed this as completed Jul 15, 2022
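
An added example (not from the issue thread and not the UAC artifact): a POSIX shell version of the check proposed above that also marks each hidden directory as an allowlisted path or one to review, so a look-alike such as "/tmp/.ICEd-unix" stands out. The allowlist, the function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not UAC's artifact. Allowlist entries are assumptions:
# socket directories commonly created under /tmp on Linux systems.
KNOWN_HIDDEN="/tmp/.X11-unix /tmp/.ICE-unix /tmp/.XIM-unix /tmp/.font-unix /tmp/.Test-unix"

# list_hidden_dirs ROOT: hidden directories under ROOT, skipping ROOT/root,
# ROOT/home/* and the pseudo filesystems ROOT/proc and ROOT/sys.
list_hidden_dirs() {
    root=${1%/}
    find "${root:-/}" \
        \( -path "$root/root" -o -path "$root/home/*" \
           -o -path "$root/proc" -o -path "$root/sys" \) -prune \
        -o -type d -name '.*' -print 2>/dev/null | sort
}

# flag_hidden_dirs ROOT: prefix each hit with "known" (exact allowlisted
# path) or "review" (everything else, including look-alike names and
# allowlisted names found in the wrong location).
flag_hidden_dirs() {
    base=${1%/}
    list_hidden_dirs "$base" | while IFS= read -r dir; do
        rel=${dir#"$base"}          # path relative to the examined root
        verdict=review
        for ok in $KNOWN_HIDDEN; do
            if [ "$rel" = "$ok" ]; then verdict=known; fi
        done
        printf '%s\t%s\n' "$verdict" "$rel"
    done
}

# make_sample_root: constructed directory tree for a dry run; prints its path.
make_sample_root() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/tmp/.ICE-unix" "$r/tmp/.ICEd-unix" "$r/var/tmp/.X11-unix" \
             "$r/home/alice/.ssh" "$r/root/.cache" "$r/etc/.java"
    printf '%s\n' "$r"
}

# Dry run on the constructed tree:
#   sample=$(make_sample_root); flag_hidden_dirs "$sample"; rm -rf "$sample"
# Live system or mounted image:
#   flag_hidden_dirs /        or        flag_hidden_dirs /mnt/image
```

Matching on the full path rather than the directory name means a well-known name placed somewhere unexpected (here "/var/tmp/.X11-unix") is still reported for review.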