Rule Library
Sigma Rules
3 rules found for "Seth Hanford"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectionlowtest
Container Residence Discovery Via Proc Virtual FS
Detects potential container discovery via listing of certain kernel features in the "/proc" virtual filesystem
LinuxProcess Creation
TA0007 · DiscoveryT1082 · System Information Discovery
Seth HanfordWed Aug 23linux
Detectionlowtest
Docker Container Discovery Via Dockerenv Listing
Detects listing or file reading of ".dockerenv" which can be a sing of potential container discovery
LinuxProcess Creation
TA0007 · DiscoveryT1082 · System Information Discovery
Seth HanfordWed Aug 23linux
Detectionlowtest
Potential Container Discovery Via Inodes Listing
Detects listing of the inodes of the "/" directory to determine if the we are running inside of a container.
LinuxProcess Creation
TA0007 · DiscoveryT1082 · System Information Discovery
Seth HanfordWed Aug 23linux