-
-
Notifications
You must be signed in to change notification settings - Fork 203
Pull requests: rabbitstack/fibratus
Author
Label
Projects
Milestones
Reviews
Assignee
Sort
Pull requests list
feat(rules): New Anything related to detection rules
Fake system root directory creation rule
rules
#605
opened Feb 6, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Exploitation via Common Log File System rule
rules
#604
opened Feb 6, 2026 by
rabbitstack
Loading…
chore(rules): Exclude sysdir from Potential ClickFix infection chain rule
rules
Anything related to detection rules
#603
opened Feb 6, 2026 by
rabbitstack
Loading…
fix(symbolizer,stackwalk): Always obtain callstack from real parent process state
#602
opened Feb 6, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Process creation via direct syscall rule
rules
#599
opened Feb 6, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Suspicious activity from a reflected process rule
rules
#598
opened Feb 3, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Suspicious virtual path redirection rule
rules
#597
opened Feb 3, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Suspicious MSHTA execution via HTML smuggling rule
rules
#596
opened Feb 3, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Suspicious file delivery via HTML smuggling rule
rules
#595
opened Feb 3, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Process spawned from unusual directory rule
rules
#594
opened Feb 3, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Suspicious process execution from archive via shortcut file rule
rules
#593
opened Feb 2, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Process execution from compressed file via Explorer rule
rules
#592
opened Feb 2, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Process creation from a stomped module rule
rules
#591
opened Feb 2, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Potential LSA secrets registry dumping rule
rules
#590
opened Feb 2, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Activity from unhooked NTDLL module rule
rules
#589
opened Feb 2, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Potential NTLM hash leak via shortcut file rule
rules
#585
opened Feb 1, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Embedded script execution via shortcut file rule
rules
#584
opened Feb 1, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Embedded executable file run via shortcut rule
rules
#583
opened Jan 29, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Credential Manager access via known tools rule
rules
#582
opened Jan 28, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Clickfix phishing via browser dialog box rule
rules
#581
opened Jan 28, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Process execution from remote memory section rule
rules
#580
opened Jan 28, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Potential NTDLL unhooking via file mapping rule
rules
#579
opened Jan 28, 2026 by
rabbitstack
Loading…
feat(rules): New Anything related to detection rules
Suspicious child spawned via reflected process rule
rules
#578
opened Jan 28, 2026 by
rabbitstack
Loading…
Previous Next
ProTip!
Follow long discussions with comments:>50.