
Indicators of Compromise


Currently the VRT doesn’t cater for situations where a compromise has occurred and proof is available. This may not always be malicious, and there are a few situations where this could apply:

  • A subdomain is clearly under the control of another organisation, which can happen when an IP has been released (in Microsoft Azure or another cloud-based product) and later claimed by another organisation (but the DNS mapping remains).

  • A more direct compromise, where a webshell and other data points suggesting compromise have been found by a researcher.

  • Cryptojacking scripts found on a host website.

I believe this should be a P1; however, I believe the language is important to help limit false positives, so that this can cover point two of the above in situations where the action may not necessarily be a malicious one. I’m not entirely certain what that wording would be, but the best I could land on was:

P1 - Evidence of Site Compromise or No Longer Controlled by Client

Alternatively, this could be a new category with branches off of it, but that in itself seems excessive for what is quite likely a rarer edge case.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Reactions: 3
  • Comments: 10 (9 by maintainers)
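The first situation in the issue (a name in the client's zone still pointing at a cloud address or hostname the client has since given up) can be checked mechanically once the client's current allocations are known. The following is an added example and not code from the VRT project or the issue author: the record list, CIDR blocks and hostnames are constructed sample data, and `find_dangling` is a hypothetical helper, not a VRT or Bugcrowd API.

```python
"""Dangling-DNS check for the 'subdomain no longer controlled by the client'
case.  Added example; not code from the VRT project.

Assumptions (hypothetical, not from the issue):
  - the client supplies the CIDR blocks and external hostnames it still holds;
  - DNS answers were captured earlier as (name, rtype, target) tuples, so the
    check runs offline with no resolver access.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    """One DNS answer for a name in the client's zone."""
    name: str
    rtype: str    # "A", "AAAA" or "CNAME"
    target: str   # IP address for A/AAAA, hostname for CNAME


@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    target: str
    reason: str


def _norm(host):
    """Lower-case a hostname and drop the trailing dot."""
    return host.rstrip(".").lower()


def find_dangling(records, owned_cidrs, owned_hostnames):
    """Flag records whose target the client no longer controls.

    A/AAAA: the address must fall inside one of the client's current
    allocations; an address outside all of them is the 'IP released and
    later claimed by someone else' case from the issue.
    CNAME: the alias must point either at a name inside the client's own
    zone (present in records) or at an external hostname the client still
    holds; anything else is reported as dangling.
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in owned_cidrs]
    owned_hosts = {_norm(h) for h in owned_hostnames}
    zone_names = {_norm(r.name) for r in records}
    findings = []
    for r in records:
        rtype = r.rtype.upper()
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(r.target)
            except ValueError:
                findings.append(Finding(r.name, rtype, r.target, "unparseable address"))
                continue
            # ip_network.__contains__ returns False across IP versions,
            # so an IPv6 answer is never matched against an IPv4 block.
            if not any(addr in n for n in nets):
                findings.append(Finding(r.name, rtype, r.target,
                                        "address not in any allocation the client currently holds"))
        elif rtype == "CNAME":
            tgt = _norm(r.target)
            if tgt in zone_names or tgt in owned_hosts:
                continue  # in-zone alias (checked on its own record) or held external host
            findings.append(Finding(r.name, rtype, r.target,
                                    "CNAME target is not a client-held name"))
    return findings


# Constructed sample data using documentation ranges and .test names.
SAMPLE_RECORDS = [
    Record("www.example.com", "A", "203.0.113.10"),                     # inside owned /24
    Record("v6.example.com", "AAAA", "2001:db8::1"),                    # inside owned /32
    Record("old.example.com", "A", "198.51.100.7"),                     # released cloud IP
    Record("blog.example.com", "CNAME", "sites.example-cloud.test"),    # external host still held
    Record("legacy.example.com", "CNAME", "abandoned.example-cloud.test"),  # no longer held
    Record("mail.example.com", "CNAME", "www.example.com."),            # in-zone alias
]
OWNED_CIDRS = ["203.0.113.0/24", "2001:db8::/32"]
OWNED_HOSTNAMES = ["sites.example-cloud.test"]


if __name__ == "__main__":
    for f in find_dangling(SAMPLE_RECORDS, OWNED_CIDRS, OWNED_HOSTNAMES):
        print(f"{f.name} {f.rtype} {f.target}: {f.reason}")
```

A hit from this check is an indicator only, not proof of the situation the issue describes: before rating it, confirm who actually answers at the address or hostname now (served content, certificate subject) so that a stale inventory of owned ranges does not produce the false positives the issue author is worried about.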

Top GitHub Comments

1 reaction
barnett commented, May 7, 2019

Definitely @codingo.

We send the swag with each release so once we cut the next version will send it out.

1 reaction
plr0man commented, Mar 15, 2019

After discussing this with the team we agreed that there’s some potential for adding a new “varies” category. The proposed entry is:

Varies - Indicators of Compromise

This category could be used to build out a more detailed structure in the future.
