-
-
Notifications
You must be signed in to change notification settings - Fork 203
Pull requests: rabbitstack/fibratus
Author
Label
Projects
Milestones
Reviews
Assignee
Sort
Pull requests list
feat(rules): New Anything related to detection rules
UAC bypass via Control Panel applet execution hijack rule
rules
#611
opened Feb 10, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
UAC bypass via command handler hijacking rule
rules
#610
opened Feb 10, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
UAC bypass via CDSSync scheduled task hijack rule
rules
#609
opened Feb 10, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
UAC bypass via assembly Native Image Cache hijack rule
rules
#608
opened Feb 9, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Potential privilege escalation via DeadPotato exploit rule
rules
#607
opened Feb 9, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Fake system root environment variable manipulation rule
rules
#606
opened Feb 9, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Fake system root directory creation rule
rules
#605
opened Feb 6, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Exploitation via Common Log File System rule
rules
#604
opened Feb 6, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Process creation via direct syscall rule
rules
#599
opened Feb 6, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Suspicious activity from a reflected process rule
rules
#598
opened Feb 3, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Suspicious virtual path redirection rule
rules
#597
opened Feb 3, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Suspicious MSHTA execution via HTML smuggling rule
rules
#596
opened Feb 3, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Suspicious file delivery via HTML smuggling rule
rules
#595
opened Feb 3, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Process spawned from unusual directory rule
rules
#594
opened Feb 3, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Suspicious process execution from archive via shortcut file rule
rules
#593
opened Feb 2, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Process execution from compressed file via Explorer rule
rules
#592
opened Feb 2, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Process creation from a stomped module rule
rules
#591
opened Feb 2, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Potential LSA secrets registry dumping rule
rules
#590
opened Feb 2, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Activity from unhooked NTDLL module rule
rules
#589
opened Feb 2, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Potential NTLM hash leak via shortcut file rule
rules
#585
opened Feb 1, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Embedded script execution via shortcut file rule
rules
#584
opened Feb 1, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Embedded executable file run via shortcut rule
rules
#583
opened Jan 29, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Clickfix phishing via browser dialog box rule
rules
#581
opened Jan 28, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Process execution from remote memory section rule
rules
#580
opened Jan 28, 2026 by
rabbitstack
Loading…
Previous Next
ProTip!
Exclude everything labeled
bug with -label:bug.