From 14e0d234c3da1fc61e17e06f1197e05ac4e7e246 Mon Sep 17 00:00:00 2001
From: Daniel Cortez <32076062+DefenderDaniel@users.noreply.github.com>
Date: Sat, 31 Aug 2024 08:14:04 -0700
Subject: [PATCH] Add Sigma detection and resource link to pbpaste.yml (#207)

---
 LOOBins/pbpaste.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/LOOBins/pbpaste.yml b/LOOBins/pbpaste.yml
index b7fbdf5..091867f 100644
--- a/LOOBins/pbpaste.yml
+++ b/LOOBins/pbpaste.yml
@@ -16,8 +16,10 @@ example_use_cases:
 paths:
 - /usr/bin/pbpaste
 detections:
-- name: No detections at time of publishing
- url: N/A
+- name: 'Sigma: Clipboard Data Collection Via Pbpaste'
+ url: https://github.com/SigmaHQ/sigma/blob/master/rules-threat-hunting/macos/process_creation/proc_creation_macos_pbpaste_execution.yml
 resources:
 - name: 'Hacking macOS: How to Dump 1Password, KeePassX & LastPass Passwords in Plaintext'
 url: https://medium.com/@NullByteWht/hacking-macos-how-to-dump-1password-keepassx-lastpass-passwords-in-plaintext-723c5b1c311b
+- name: 'Living-off-the-Land: Exploring macOS LOOBins and Crafting Detection Rules - pbpaste'
+ url: https://danielcortez.substack.com/p/living-off-the-land-exploring-macos-b65
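Review bot: The new `detections` URL tracks the `master` branch, so it will stop resolving if SigmaHQ renames the rule file or moves it out of `rules-threat-hunting/`. A commit-pinned permalink would keep the reference stable, at the cost of not showing later rule updates: `url: https://github.com/SigmaHQ/sigma/blob/<commit-sha>/rules-threat-hunting/macos/process_creation/proc_creation_macos_pbpaste_execution.yml` (placeholder SHA, to be filled in by the author). The path also suggests this is a threat-hunting rule rather than an alert-grade detection, so it will probably match legitimate `pbpaste` use and need tuning. Saying so in the entry would help readers who deploy it, e.g. `name: 'Sigma (threat hunting): Clipboard Data Collection Via Pbpaste'`.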