
Commit

chore: Cosmetic README change
rabbitstack committed Oct 9, 2024
1 parent 40fe59f commit c14dca8
Showing 1 changed file with 16 additions and 16 deletions.
32 changes: 16 additions & 16 deletions README.md
Expand Up @@ -60,22 +60,22 @@ To describe all rules in the catalog, use the `fibratus rules list` command. It

```
$ fibratus rules list
┌───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ # │ RULE │ TECHNIQUE │ TACTIC
├───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────── |
│ 1 │ File access to SAM database │ OS Credential Dumping │ Credential Access
│ 2 │ Credentials access from backups via Rundll32 │ Credentials from Password Stores │ Credential Access
│ 3 │ Credential discovery via VaultCmd.exe │ Credentials from Password Stores │ Credential Access
│ 4 │ LSASS memory dump preparation via SilentProcessExit │ OS Credential Dumping │ Credential Access
│ 5 │ LSASS memory dump via Windows Error Reporting │ OS Credential Dumping │ Credential Access
│ 6 │ LSASS memory dumping via legitimate or offensive tools│ OS Credential Dumping │ Credential Access
│ 7 │ Potential thread execution hijacking │ Process Injection │ Defense Evasion
│ 8 │ Process spawned via remote thread │ Process Injection │ Defense Evasion
│ 9 │ Regsvr32 scriptlet execution │ System Binary Proxy Execution │ Defense Evasion
│ 10 │ Suspicious DLL loaded via memory section mapping │ Process Injection │ Defense Evasion
│ 11 │ System Binary Proxy Execution via Rundll32 │ System Binary Proxy Execution │ Defense Evasion |
| ... |
├───────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────
┌───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ # │ RULE │ TECHNIQUE │ TACTIC
├───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ 1 │ File access to SAM database │ OS Credential Dumping │ Credential Access
│ 2 │ Credentials access from backups via Rundll32 │ Credentials from Password Stores │ Credential Access
│ 3 │ Credential discovery via VaultCmd.exe │ Credentials from Password Stores │ Credential Access
│ 4 │ LSASS memory dump preparation via SilentProcessExit │ OS Credential Dumping │ Credential Access
│ 5 │ LSASS memory dump via Windows Error Reporting │ OS Credential Dumping │ Credential Access
│ 6 │ LSASS memory dumping via legitimate or offensive tools│ OS Credential Dumping │ Credential Access
│ 7 │ Potential thread execution hijacking │ Process Injection │ Defense Evasion
│ 8 │ Process spawned via remote thread │ Process Injection │ Defense Evasion
│ 9 │ Regsvr32 scriptlet execution │ System Binary Proxy Execution │ Defense Evasion
│ 10 │ Suspicious DLL loaded via memory section mapping │ Process Injection │ Defense Evasion
│ 11 │ System Binary Proxy Execution via Rundll32 │ System Binary Proxy Execution │ Defense Evasion
| ...
├───────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────
```

### Contributing
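
Review bot: The truncation row in the rewritten table (`| ...`) still uses an ASCII pipe while the header and every rule row use the box-drawing `│`, so the left border breaks at that line in a monospace rendering; `│ ...` would match the rest. The final line is also a `├───────┼` junction row rather than a closing `└───────┴` border, which leaves the sample output looking cut off, and its length should be checked against the top border so the right edge lines up. Since the commit is purely cosmetic, it would be worth fixing both in the same change.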
