Skip to content

Commit

Permalink
Add Sigma detection and resource link to pbpaste.yml (#207)
Browse files Browse the repository at this point in the history
  • Loading branch information
@DefenderDaniel
DefenderDaniel authored Aug 31, 2024
1 parent 040991b commit 14e0d23
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions LOOBins/pbpaste.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,10 @@ example_use_cases:
paths:
- /usr/bin/pbpaste
detections:
- name: No detections at time of publishing
url: N/A
- name: 'Sigma: Clipboard Data Collection Via Pbpaste'
url: https://github.com/SigmaHQ/sigma/blob/master/rules-threat-hunting/macos/process_creation/proc_creation_macos_pbpaste_execution.yml
resources:
- name: 'Hacking macOS: How to Dump 1Password, KeePassX & LastPass Passwords in Plaintext'
url: https://medium.com/@NullByteWht/hacking-macos-how-to-dump-1password-keepassx-lastpass-passwords-in-plaintext-723c5b1c311b
- name: 'Living-off-the-Land: Exploring macOS LOOBins and Crafting Detection Rules - pbpaste'
url: https://danielcortez.substack.com/p/living-off-the-land-exploring-macos-b65

0 comments on commit 14e0d23

Please sign in to comment.