Address OpenSearch password frequency list false positives (chainguar…
…d-dev#416)

* Address OpenSearch password frequency list false positives

Signed-off-by: egibs <[email protected]>

* Update samples

Signed-off-by: egibs <[email protected]>

---------

Signed-off-by: egibs <[email protected]>
egibs authored Aug 20, 2024
1 parent cf15028 commit dd5651d
Showing 5 changed files with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions rules/combo/botnet/passwords.yara
Expand Up @@ -23,6 +23,8 @@ rule router_password_references : critical {
$f_passw0rd = "Passw0rd"
$f_admin123 = "admin123"
$f_Admin123 = "Admin123"
$not_frequency_list = "var frequency_lists;frequency_lists={passwords:"
$not_frequency_list2 = {76 61 72 20 66 72 65 71 75 65 6E 63 79 5F 6C 69 73 74 73 3B 0A 0A 66 72 65 71 75 65 6E 63 79 5F 6C 69 73 74 73 20 3D 20 7B 0A 20 20 70 61 73 73 77 6F 72 64 73 3A 20}
$not_onepassword_sdk = "github.com/1password/onepassword-sdk"
condition:
8 of ($f*) and none of ($not*)
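Review bot: the new `$not_frequency_list` and `$not_frequency_list2` strings match the same JavaScript construct in only two exact byte layouts (minified, and pretty-printed with LF line endings and two-space indentation), so a bundle formatted any other way, for example with CRLF line endings, will still trigger this critical rule. A single regex exclusion such as `$not_frequency_list = /var frequency_lists;\s*frequency_lists\s*=\s*\{\s*passwords:/` would cover both layouts and replace the opaque hex string; if the hex form stays, add a comment giving its decoded text so the next reader does not have to decode it. Because the condition is `none of ($not*)`, either literal appearing anywhere in a file suppresses the rule entirely, so the exclusions should stay as specific as possible.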
Binary file modified samples.tar.gz.aa
Binary file not shown.
Binary file modified samples.tar.gz.ab
Binary file not shown.
Binary file modified samples.tar.gz.ac
Binary file not shown.
Binary file modified samples.tar.gz.ad
Binary file not shown.
