Skip to content

ayeheinzayar/Sigma4GTFOBins

Repository files navigation

sigma4GTFOBins

Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others.

  • Sigma
    Author : Florian Roth ( Author of Sigma, Loki, munin, yarGen and other tools )
    Github : Neo23x0

Rule Detection Guide Sigma Template

On the other hand, GTFOBins is a list of Unix binaries that can be abused to get the f****k to break out restricted access from Unix local security restrictions. These bypassing techniques can perform multiple abusive functions such as escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells and facilitate the other post-exploitations tasks.

Detection of GTFOBins with Sigma rules can be found at,

Raw detections with 7 usecases,

**This repo contains the Sigma rules to detect GTFOBins which unix binaries will bypass security restrictions.

About

Sigma rules for GTFOBins linux command detection

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published