v1.12.0
What's Changed
- Add 14 new YARA based checks by @tstromberg in #314
- new detector: Unexpected talker events by @tstromberg in #309
- new detector: hidden cwd events by @tstromberg in #311
- Add detector for listening from an unusual location by @tstromberg in #321
- unexpected chrome extension: Check for 'management' permission by @tstromberg in #291
- new detector: unexpected process extension linux by @tstromberg in #293
- macOS sysutils: add csrutil, ditto, unzip, whoami, system_profiler by @tstromberg in #294
- netutil calls: add nscurl by @tstromberg in #295
- Improve unexpected-chmod-exec-event performance by @tstromberg in #303
- Detect vulnerable versions of Acrobat Reader by @tstromberg in #305
- Improve base64/crontab detection by @tstromberg in #306
- Add primitive name-based detection for possible InfoStealers by @tstromberg in #304
- More checks for unusual process names inspired by Earth Lusca by @tstromberg in #308
- split detection pack into subpacks by @tstromberg in #315
- Address issues which kept some Linux alerts from firing by @tstromberg in #319
- Loads of false positives and other bugs addressed.
Full Changelog: v1.11.0...v1.12.0
Contributors
tstromberg