
Commit 46df5e3

committed
[client] feat(SCV): fix format (#4266)
1 parent df94dd6 commit 46df5e3


2 files changed

+4
-2
lines changed


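--- a/pyoaev/security_domain/builder.py
+++ b/pyoaev/security_domain/builder.py
@@ -1,5 +1,6 @@
 from pyoaev.security_domain.types import SecurityDomains, SecurityDomainsKeyWords
 
+
 class SecurityDomainBuilder:
 
     def _find_in_keywords(self, keywords, search):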

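--- a/pyoaev/security_domain/types.py
+++ b/pyoaev/security_domain/types.py
@@ -1,12 +1,13 @@
 from enum import Enum
 
+
 class SecurityDomainsKeyWords(Enum):
-    ENDPOINT = ["lsass", "registry", "dll injection", "kernel", "winlogon", "scheduled task", "wmi", "powershell", "process injection", "credential dumping", "rootkit", "startup folder", "bits jobs", "removable media", "hardware additions", "browser extension", "firmware", "bootkit", "master boot record", "clipboard", "screen capture", "audio capture", "video capture", "disk wipe", "ransomware", "debugger evasion", "sandbox evasion", "reflective code", "access token", "system binary proxy"]
+    ENDPOINT = ["lsass", "registry", "dll injection", "kernel", "winlogon", "scheduled task", "wmi", "powershell", "process injection", "credential dumping", "rootkit", "startup folder", "bits jobs", "removable media", "hardware additions", "browser extension", "firmware", "bootkit", "master boot record", "clipboard", "screen capture", "audio capture", "video capture", "disk wipe", "ransomware", "debugger evasion", "sandbox evasion", "reflective code", "access token", "system binary proxy", "Bitsadmin Download (PowerShell)"]
     NETWORK = ["lateral movement", "packet sniff", "port scan", "man-in-the-middle", "arp spoof", "smb", "rdp", "dns tunnel", "network share", "c2", "beacon", "firewall", "domain controller", "kerberos", "golden ticket", "silver ticket", "domain trust", "active directory", "ldap", "network boundary", "bgp hijack", "bgp hijack", "dns hijack", "dhcp poison", "forced authentication", "remote service", "network device", "vlan hopping", "protocol tunnel", "traffic signaling", "weaken encryption", "exploitation remote"]
     WEB_APP = ["sql injection", "cross-site script", "web shell", "csrf", "file upload vulnerability", "apache", "nginx", "iis", "php", "javascript", "rest api", "cookie", "server-side request forgery", "ssrf", "xml external entity", "xxe", "deserialization", "path traversal", "local file inclusion", "remote file inclusion", "template injection", "ssti", "api abuse", "drive-by compromise", "browser exploit", "forge web credential", "web service", "defacement", "server software component", "reverse proxy", "webdav", "session hijack"]
     EMAIL_INFILTRATION = ["spearphishing attachment", "spearphishing link", "phishing", "malicious attachment", "email account", "outlook", "exchange", "smtp", "mail server", "social engineering", "inbox rule", "dkim", "business email compromise", "bec", "email forwarding rule", "email delegation", "oauth consent", "reply-to manipulation", "email thread hijack", "internal spearphishing", "email collection", "zimbra", "mapi", "email template", "spoof sender", "dmarc", "spf", "email gateway", "link shortener"]
     DATA_EXFILTRATION = ["exfiltrat", "data staging", "data compressed", "steganography", "covert channel", "database dump", "automated collection", "intellectual property", "cloud storage exfil", "ftp exfil", "physical medium", "air gap", "scheduled transfer", "alternate protocol", "icmp tunnel", "dns exfiltration", "automated exfiltration", "web service exfil", "pastebin", "code repository", "cloud account transfer", "email exfil", "data destruction", "data encrypted", "image steganography"]
-    URL_FILTERING = ["domain fronting", "url shorten", "typosquatting", "typosquatting", "homograph", "punycode", "url reputation", "content filter", "web gateway", "safe browsing", "url categorization", "blacklist bypass", "whitelist", "redirect", "proxy bypass", "dns over https", "doh", "dns over tls", "dot", "unicode domain", "url encode", "double encode", "open redirect", "captive portal", "proxy pac", "socks proxy", "vpn bypass", "domain generation", "fast flux", "url confusion", "subdomain takeover"]
+    URL_FILTERING = ["domain fronting", "url shorten", "typosquatting", "typosquatting", "homograph", "punycode", "url reputation", "content filter", "web gateway", "safe browsing", "url categorization", "blacklist bypass", "whitelist", "redirect", "proxy bypass", "dns over https", "dns over tls", "unicode domain", "url encode", "double encode", "open redirect", "captive portal", "proxy pac", "socks proxy", "vpn bypass", "domain generation", "fast flux", "url confusion", "subdomain takeover", "Bitsadmin Download (PowerShell)"]
     CLOUD = ["aws", "azure", "gcp", "lambda", "s3 bucket", "blob storage", "kubernetes", "docker", "serverless", "cloud instance", "iam role", "iam role", "saas", "tenant", "subscription", "api gateway", "microservice", "cloud trail", "cloudtrail", "cloud formation", "terraform", "cloud init", "metadata service", "instance metadata", "cloud api", "resource policy", "cloud dashboard", "unused region", "snapshot", "cloud backup", "object storage", "cloud function", "service principal", "managed identity", "cloud key", "sas token", "assume role"]
 
 class SecurityDomains(Enum):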
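Review bot: The entry `"Bitsadmin Download (PowerShell)"` added to both the ENDPOINT and URL_FILTERING lines breaks the convention of every other keyword in this file, which is a lowercase substring fragment; `_find_in_keywords` lives in builder.py outside this hunk, so whether it normalises case is not visible here, but if it lowercases only the searched text or compares case-sensitively this mixed-case entry will never match anything except that exact display string. A fragment such as `"bitsadmin"` would follow the existing pattern, and listing it under one domain only would avoid the same text being classified as both ENDPOINT and URL_FILTERING. The new URL_FILTERING line also drops `"doh"` and `"dot"`, which the commit title ("fix format") does not mention; removing such short fragments plausibly reduces false matches on unrelated words, but the intent should be recorded, e.g. a comment on that line `# short tokens ("doh", "dot") removed: they matched unrelated words`.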
