{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":54714794,"defaultBranch":"master","name":"fibratus","ownerLogin":"rabbitstack","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2016-03-25T11:28:46.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/11174375?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1717844552.0","currentOid":""},"activityList":{"items":[{"before":null,"after":"45801dea09127046a939f74acdb33f4b39d28440","ref":"refs/heads/msi-run-as-service","pushedAt":"2024-06-08T11:02:32.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Service status CLI command","shortMessageHtmlLink":"Service status CLI command"}},{"before":"42285400f25d9cc0ebb363e04e755b3091c5ab18","after":null,"ref":"refs/heads/potential-privilege-escalation-via-phantom-dll-hijacking","pushedAt":"2024-06-04T16:38:02.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"}},{"before":"8c0df5b8e0f877e6235c8fe39049e89a98356566","after":null,"ref":"refs/heads/fix-sandbox-fs-paths","pushedAt":"2024-06-04T16:37:56.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim 
Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"}},{"before":null,"after":"2edac4ae9cb2e577ed453f74b91494666fe2f978","ref":"refs/heads/dependabot/go_modules/github.com/spf13/viper-1.19.0","pushedAt":"2024-06-03T13:24:57.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps): bump github.com/spf13/viper from 1.6.2 to 1.19.0\n\nBumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.6.2 to 1.19.0.\n- [Release notes](https://github.com/spf13/viper/releases)\n- [Commits](https://github.com/spf13/viper/compare/v1.6.2...v1.19.0)\n\n---\nupdated-dependencies:\n- dependency-name: github.com/spf13/viper\n dependency-type: direct:production\n update-type: version-update:semver-minor\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps): bump github.com/spf13/viper from 1.6.2 to 1.19.0"}},{"before":null,"after":"56bf2533e9508286c5b4239ce77ad6395cc36a66","ref":"refs/heads/remote-threaed-creation-lsass","pushedAt":"2024-05-31T15:46:19.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Remote thread creation into LSASS\n\nIdentifies the creation of a remote thread in LSASS (Local Security Authority Subsystem Service)\n by untrusted or suspicious processes. 
This may indicate attempts to execute code inside LSASS process in preparation for credential stealing.","shortMessageHtmlLink":"Remote thread creation into LSASS"}},{"before":"ba3c9058f81a38d1b0ef430d8b7b06319b336253","after":"ec6cf36ae113da116a519a669dcb4e7d1091a783","ref":"refs/heads/master","pushedAt":"2024-05-30T18:43:24.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"fix(fs): Handle Windows Sandbox paths (#287)","shortMessageHtmlLink":"fix(fs): Handle Windows Sandbox paths (#287)"}},{"before":"3326e0f7aec9ff170153383b0dced85f44babdaa","after":"ba3c9058f81a38d1b0ef430d8b7b06319b336253","ref":"refs/heads/master","pushedAt":"2024-05-29T21:51:15.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"feat(rules): New `Potential privilege escalation via phantom DLL hijacking` rule (#286)","shortMessageHtmlLink":"feat(rules): New `Potential privilege escalation via phantom DLL hija…"}},{"before":"818ec40570a9dec1780e8f7ab84db43550777a5d","after":"42285400f25d9cc0ebb363e04e755b3091c5ab18","ref":"refs/heads/potential-privilege-escalation-via-phantom-dll-hijacking","pushedAt":"2024-05-29T16:48:51.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Potential privilege escalation via phantom DLL hijacking\n\nIdentifies the loading of the phantom DLL that was previously dropped to the System directory. 
Adversaries may exploit this flow to escalate\nprivileges by placing a custom version of the DLL and initiating the execution of an auto-elevated high integrity Windows native process.","shortMessageHtmlLink":"Potential privilege escalation via phantom DLL hijacking"}},{"before":"57285ac644a1429a86bc08e53a1d0b46dabdcc3b","after":"3326e0f7aec9ff170153383b0dced85f44babdaa","ref":"refs/heads/master","pushedAt":"2024-05-28T21:15:41.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"feat(rules): New `Suspicious port monitor loaded` rule (#285)","shortMessageHtmlLink":"feat(rules): New Suspicious port monitor loaded rule (#285)"}},{"before":"ca43e4584633697ab6a8917809ceeae79442f950","after":null,"ref":"refs/heads/suspicious-print-monitor-loaded","pushedAt":"2024-05-28T21:15:41.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"}},{"before":"5c11e40a7a9ad9490570581d03eff2506336094d","after":"57285ac644a1429a86bc08e53a1d0b46dabdcc3b","ref":"refs/heads/master","pushedAt":"2024-05-28T20:38:59.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"build(msi): Migrate to Wix 5.0.0 (#284)","shortMessageHtmlLink":"build(msi): Migrate to Wix 5.0.0 (#284)"}},{"before":"d02be142f409040e86b6870493f8eba22ef6cf5b","after":null,"ref":"refs/heads/upgrade-to-wix5","pushedAt":"2024-05-28T20:38:59.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim 
Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"}},{"before":"f5a971df1f4c9d3804fc7625756a1dd23692428f","after":"818ec40570a9dec1780e8f7ab84db43550777a5d","ref":"refs/heads/potential-privilege-escalation-via-phantom-dll-hijacking","pushedAt":"2024-05-28T19:49:28.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Potential privilege escalation via phantom DLL hijacking\n\nIdentifies the loading of the phantom DLL that was previously dropped to the System directory. Adversaries may exploit this flow to escalate\nprivileges by placing a custom version of the DLL and initiating the execution of an auto-elevated high integrity Windows native process.","shortMessageHtmlLink":"Potential privilege escalation via phantom DLL hijacking"}},{"before":"e2a102b81846b1a93830fd6c92fd338c8c81c611","after":"d02be142f409040e86b6870493f8eba22ef6cf5b","ref":"refs/heads/upgrade-to-wix5","pushedAt":"2024-05-28T19:46:59.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Migrate to Wix 5.0.0\n\nThis changeset contains the necessary bits to migrate the MSI build system to Wix 5.0","shortMessageHtmlLink":"Migrate to Wix 5.0.0"}},{"before":"972e35c4594bec5512ac4cca874fd32b828c6c73","after":"ca43e4584633697ab6a8917809ceeae79442f950","ref":"refs/heads/suspicious-print-monitor-loaded","pushedAt":"2024-05-28T18:43:31.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Suspicious port monitor loaded rule\n\nIdentifies the loading 
of an unsigned DLL by the print spool service. Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.","shortMessageHtmlLink":"Suspicious port monitor loaded rule"}},{"before":null,"after":"e2a102b81846b1a93830fd6c92fd338c8c81c611","ref":"refs/heads/upgrade-to-wix5","pushedAt":"2024-05-28T17:59:33.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Migrate to Wix 5.0.0","shortMessageHtmlLink":"Migrate to Wix 5.0.0"}},{"before":null,"after":"f5a971df1f4c9d3804fc7625756a1dd23692428f","ref":"refs/heads/potential-privilege-escalation-via-phantom-dll-hijacking","pushedAt":"2024-05-24T08:00:13.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Potential privilege escalation via phantom DLL hijacking\n\nIdentifies the loading of the phantom DLL that was previously dropped to the System directory. Adversaries may exploit this flow to escalate\nprivileges by placing a custom version of the DLL and initiating the execution of an auto-elevated high integrity Windows native process.","shortMessageHtmlLink":"Potential privilege escalation via phantom DLL hijacking"}},{"before":null,"after":"972e35c4594bec5512ac4cca874fd32b828c6c73","ref":"refs/heads/suspicious-print-monitor-loaded","pushedAt":"2024-05-21T17:38:21.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Suspicious port monitor loaded\n\nIdentifies the loading of an unsigned DLL by the print spool service. 
Adversaries may use port\n monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.","shortMessageHtmlLink":"Suspicious port monitor loaded"}},{"before":null,"after":"8c0df5b8e0f877e6235c8fe39049e89a98356566","ref":"refs/heads/fix-sandbox-fs-paths","pushedAt":"2024-05-21T16:39:18.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Handle Windows Sandbox paths","shortMessageHtmlLink":"Handle Windows Sandbox paths"}},{"before":"ca58ff53ebc3171b0092e3b45565272073636a7a","after":null,"ref":"refs/heads/create-rule-cli","pushedAt":"2024-05-21T16:30:57.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"}},{"before":"ccfb4147cdbe60a4d1103f4701dab23daf9c530a","after":"5c11e40a7a9ad9490570581d03eff2506336094d","ref":"refs/heads/master","pushedAt":"2024-05-21T16:30:56.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"feat(cli): Rule template creation via CLI (#283)","shortMessageHtmlLink":"feat(cli): Rule template creation via CLI (#283)"}},{"before":null,"after":"ca58ff53ebc3171b0092e3b45565272073636a7a","ref":"refs/heads/create-rule-cli","pushedAt":"2024-05-16T22:20:49.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Rule template creation via CLI\n\nA new subcommand `fibratus rules create` is added to streamline rules creation by quickly generating a 
template where rule id, version, minimum engine version and optionally some labels are automatically populated.","shortMessageHtmlLink":"Rule template creation via CLI"}},{"before":"c1137cf9c3e998dc75fc57941b47555aa6c09ead","after":null,"ref":"refs/heads/add-more-rule-yaml-fields","pushedAt":"2024-05-15T17:03:22.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"}},{"before":"ea4ad3ca6bd2e11865a0803f3e0c062a62e5d170","after":"ccfb4147cdbe60a4d1103f4701dab23daf9c530a","ref":"refs/heads/master","pushedAt":"2024-05-15T17:03:21.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"feat(rules): Introduce additional rule attributes (#282)","shortMessageHtmlLink":"feat(rules): Introduce additional rule attributes (#282)"}},{"before":null,"after":"c1137cf9c3e998dc75fc57941b47555aa6c09ead","ref":"refs/heads/add-more-rule-yaml-fields","pushedAt":"2024-05-14T21:46:19.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Enrich all rules with required and optional attributes","shortMessageHtmlLink":"Enrich all rules with required and optional attributes"}},{"before":"71f860f95da99e53b5fa57805b551e3b44c785d2","after":null,"ref":"refs/heads/move-rules-to-individual-files","pushedAt":"2024-05-14T17:37:00.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim 
Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"}},{"before":"0c6dba01d2ddd57893dea4cfdcfc17246f03edb4","after":"ea4ad3ca6bd2e11865a0803f3e0c062a62e5d170","ref":"refs/heads/master","pushedAt":"2024-05-14T17:36:59.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"chore(rules, rules-engine): Move rules to individual files (#281)","shortMessageHtmlLink":"chore(rules, rules-engine): Move rules to individual files (#281)"}},{"before":"6f7a883ff8f6f58f0edfe5d35a46cea68bb5ca62","after":"71f860f95da99e53b5fa57805b551e3b44c785d2","ref":"refs/heads/move-rules-to-individual-files","pushedAt":"2024-05-14T16:44:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Use exact rule definitions in test","shortMessageHtmlLink":"Use exact rule definitions in test"}},{"before":"4d17407668d77bafb1cf01d8f285864b33f63d37","after":"6f7a883ff8f6f58f0edfe5d35a46cea68bb5ca62","ref":"refs/heads/move-rules-to-individual-files","pushedAt":"2024-05-14T16:31:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"rabbitstack","name":"Nedim Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Update README to reflect new changes","shortMessageHtmlLink":"Update README to reflect new changes"}},{"before":"9323067495832548f430a8b3389c279b157aa366","after":"4d17407668d77bafb1cf01d8f285864b33f63d37","ref":"refs/heads/move-rules-to-individual-files","pushedAt":"2024-05-13T19:15:57.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"rabbitstack","name":"Nedim 
Šabić²","path":"/rabbitstack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11174375?s=80&v=4"},"commit":{"message":"Move rules to independent files","shortMessageHtmlLink":"Move rules to independent files"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEX-CZzgA","startCursor":null,"endCursor":null}},"title":"Activity · rabbitstack/fibratus"}