Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Custom]: "execution_potential_curl_cve_2023_38545_exploitation.toml" does not trigger when using "-x" instead of "--proxy" #32

Closed
DBchmnn opened this issue Jul 16, 2024 · 2 comments
Closed

[Custom]: "execution_potential_curl_cve_2023_38545_exploitation.toml" does not trigger when using "-x" instead of "--proxy" #32

DBchmnn opened this issue Jul 16, 2024 · 2 comments
Assignees
@Aegrah
Labels
behavior Endpoint behavior issues custom For issues that don't fit a prebuilt issue template

Comments

@DBchmnn
Copy link

DBchmnn commented Jul 16, 2024

Description

We noticed that the detection rule "behavior/rules/linux/execution_potential_curl_cve_2023_38545_exploitation.toml" is not triggering when you type "-x" instead of "--proxy" even though the string is longer than 255.
Is this intentional behavior? Maybe you can add the short version of the options to the query as well?
@DBchmnn DBchmnn added behavior Endpoint behavior issues custom For issues that don't fit a prebuilt issue template labels Jul 16, 2024
@Aegrah Aegrah self-assigned this Jul 18, 2024
@Aegrah
Copy link

Aegrah commented Jul 18, 2024

Hi @DBchmnn, we addressed this in our latest tunings and will be available soon. Thank you!

@Aegrah Aegrah closed this as completed Jul 18, 2024
@DBchmnn
Copy link
Author

DBchmnn commented Jul 25, 2024

Another improvement:
Now it looks like the rule triggers regardless of the curl version.
Is it possible to include the curl version as well?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Aegrah Aegrah

Labels
behavior Endpoint behavior issues custom For issues that don't fit a prebuilt issue template
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Aegrah @DBchmnn