v1.7.2

What's Changed

• Add Sigma rules and references to tmutil.yml by @DefenderDaniel in #208
• Add Sigma Detection to nscurl.yml by @DefenderDaniel in #206
• Add Sigma detection and resource link to pbpaste.yml by @DefenderDaniel in #207

Full Changelog: v1.7.1...v1.7.2

v1.7.1

What's Changed

New LOOBins

• Add LOOBin for streamzip by @0xv1n in #192
• Add LOOBins for codesign by @txhaflaire in #200

Updated LOOBins

• Update defaults by @demonduck in #197
• Adding chflags command by @demonduck in #196
• Add multiple Jamf Protect detection rules by @txhaflaire in #201, #194
• Add another example for the log loobin by @txhaflaire in #199

New Contributors

• @demonduck made their first contribution in #197
• @txhaflaire made their first contribution in #194

Full Changelog: v1.7.0...v1.7.1

v1.7.0

What's Changed

• Add use cases for launchctl, dscl, csrutil by @marcopedrinazzi in #189
• Add use cases for dscacheutil, fix descriptions of previous use cases by @marcopedrinazzi in #188
• Fix broken links to Check Point research by @0xv1n in #190

New Contributors

• @marcopedrinazzi made their first contribution in #189
• @0xv1n made their first contribution in #190

Full Changelog: v1.6.0...v1.7.0

v1.6.0

What's Changed

• Update dscl by @Res260 in #181
• Update ioreg.yml by @pratinavchandra in #183
• Update system_profiler.yml by @pratinavchandra in #182
• Update nscurl by @DefenderDaniel in #184
• Update defaults by @infosecB in #185

New Contributors

• @pratinavchandra made their first contribution in #183
• @DefenderDaniel made their first contribution in #184

Full Changelog: v1.5.0...v1.6.0

LOOBins v1.5.0

What's Changed

• Migrate to Pydantic v2 by @infosecB in #175
• Add version argument to PyLOOBins cli by @infosecB in #177
• Add test to release Github action by @infosecB in #178

Full Changelog: v1.4.3...v1.5.0

LOOBins v1.4.3

What's Changed

• Add release action, remove pre by @infosecB in #172
• Formatting and spelling fixes by @infosecB in #173

Full Changelog: v1.4.2...v1.4.3

LOOBins v1.4.2

What's Changed

• Change tactics in osacompile by @Res260 in #167
• Add swift by @0v3rride in #170

New Contributors

• @0v3rride made their first contribution in #170

Full Changelog: v1.4.1...v1.4.2

LOOBins v1.4.1

What's Changed

New Binaries

• Adding Say command by @pinarsadioglu in #163

Updated Binaries

• Remove the "Execution" tactic from 4 LOOBins by @Res260 in #158
• Add the "Defense Evasion" tactic to caffeinate by @Res260 in #159
• Add the "Defense Evasion" tactic to ssh-keygen by @Res260 in #160
• Change several mentions of reconnaissance to discovery by @Res260 in #161

New Contributors

• @pinarsadioglu made their first contribution in #163

Full Changelog: v1.3.0...v1.4.1

LOOBins v1.3.0

What's Changed

• Add systemsetup by @cyberbuff in #152
• Add binary sw_vers by @Koyiott in #153
• Add binary sfltool by @Koyiott in #154
• Add "Defense Evasion" to tactics of the Ditto LOOBin by @Res260 in #155
• Remove "Privilege Escalation" tactic from "xattr". by @Res260 in #156

New Contributors

• @cyberbuff made their first contribution in #152
• @Koyiott made their first contribution in #153
• @Res260 made their first contribution in #155

Full Changelog: v1.2.0...v1.3.0

LOOBins v1.2.0

What's Changed

Additions

• caffeinate by @ethan-nay in #140
• system_profiler by @ethan-nay in #140
• dscacheutil by @ethan-nay in #150
• dsconfigad by @ethan-nay in #150
• odutil by @ethan-nay in #150
• kextstat by @MarkMorow in #147

Updates

• ioreg fix spelling errors by @infosecB in #148

Full Changelog: v1.1.0...v1.2.0