Jibril: Runtime Security Engine
At its core, listen.dev is powered by Jibril, a new architecture for runtime security that we have developed in house. You can read more about the Jibril project on its page (https://listendev.github.io/jibril/dev/) and follow community discussions at https://github.com/listendev/jibril-releases/discussions. Jibril uses the concept of detection recipes: think of them as behavioral signals in a temporal context. In the case of an attack chain, a recipe corresponds to the series of signals observed in context, rather than any single signal on its own.
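To make the "signals in a temporal context" idea concrete, here is a small correlator that flags an attack chain only when a sequence of behavioral signals is seen in order, for the same process, inside a time window. This is an added illustration written for this page; it is not Jibril's recipe format or engine, and the signal names, the log line format and the sample log are all constructed for the example.

```python
"""Temporal detection recipe illustration (added example, not Jibril code).

A recipe is an ordered sequence of signal names plus a time window. A chain
fires for a process only when every step appears in order and the whole
sequence fits inside the window. Individually each signal may be benign;
the detection is the sequence in context.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Signal:
    ts: datetime
    pid: int
    name: str


@dataclass(frozen=True)
class Recipe:
    name: str
    sequence: tuple        # signal names that must appear in this order
    window: timedelta      # maximum span from first to last signal


# Constructed log format for the example: "<ISO timestamp> pid=<n> signal=<name>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 pid=4242 signal=env_enumeration
2024-05-01T10:00:05 pid=4242 signal=credential_file_read
2024-05-01T10:00:09 pid=4242 signal=outbound_to_unknown_host
2024-05-01T10:00:01 pid=5151 signal=env_enumeration
2024-05-01T10:30:00 pid=5151 signal=credential_file_read
2024-05-01T10:30:02 pid=5151 signal=outbound_to_unknown_host
2024-05-01T10:05:00 pid=6161 signal=outbound_to_unknown_host
"""

# Hypothetical recipe: discovery, then credential access, then exfiltration-like
# network activity, all within 60 seconds of the first signal.
CHAIN_RECIPE = Recipe(
    name="discovery_to_exfil",
    sequence=("env_enumeration", "credential_file_read", "outbound_to_unknown_host"),
    window=timedelta(seconds=60),
)


def parse_line(line: str) -> Signal:
    """Parse one constructed log line into a Signal."""
    ts_str, pid_part, sig_part = line.split()
    return Signal(
        ts=datetime.fromisoformat(ts_str),
        pid=int(pid_part.split("=", 1)[1]),
        name=sig_part.split("=", 1)[1],
    )


def match_recipe(signals, recipe):
    """Return a list of (pid, start, end) for every completed chain.

    Signals are grouped per pid and ordered by time. A chain starts at a
    signal matching the first step and advances on each subsequent matching
    step; it is accepted only if the final step lands within the window.
    Signals consumed by a completed chain are not reused for another one.
    """
    by_pid = {}
    for s in sorted(signals, key=lambda s: s.ts):
        by_pid.setdefault(s.pid, []).append(s)

    hits = []
    for pid, seq in by_pid.items():
        i = 0
        while i < len(seq):
            if seq[i].name != recipe.sequence[0]:
                i += 1
                continue
            start = seq[i].ts
            step, j, end = 1, i + 1, None
            while j < len(seq) and seq[j].ts - start <= recipe.window:
                if seq[j].name == recipe.sequence[step]:
                    step += 1
                    if step == len(recipe.sequence):
                        end = seq[j].ts
                        break
                j += 1
            if end is None:
                i += 1          # chain did not complete inside the window; try next start
            else:
                hits.append((pid, start, end))
                i = j + 1       # skip the signals consumed by this chain
    return hits


def detect(log_text: str, recipe: Recipe):
    """Parse a log blob and run one recipe over it."""
    signals = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    return match_recipe(signals, recipe)


if __name__ == "__main__":
    for pid, start, end in detect(SAMPLE_LOG, CHAIN_RECIPE):
        print(f"{CHAIN_RECIPE.name}: pid={pid} from {start.isoformat()} to {end.isoformat()}")
```

In the sample, pid 4242 completes all three steps in nine seconds and is flagged; pid 5151 emits the same three signals but half an hour apart, so the recipe does not fire; pid 6161 shows only the final signal and is ignored. The window and the per-process grouping are what turn isolated signals into a chain.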
If you have custom requests for detection rules or other customization, please reach out at support@listen.dev.
Below is an overview of the kinds of detections Jibril comes with out of the box. For more up-to-date information on our detection coverage and roadmap, visit the Detailed Detection Page.
| Category | Focus | Description | Potential Impact |
|---|---|---|---|
| Evasion | Security Bypass | Techniques to avoid detection by security measures. | Missed threats due to undetected activities. |
| Escalation | Privilege Gain | Unauthorized elevation of access privileges. | Compromised systems with unauthorized access. |
| App Hooking | Code Manipulation | Altering application behavior to execute malicious code. | Applications behaving unpredictably or executing malicious actions. |
| Kernel Hooking | Kernel Modifications | Changing kernel operations to hide malicious activities. | Kernel instability and hidden malicious processes. |
| Execution | Unauthorized Code Execution | Running unauthorized or malicious code within the environment. | Potential malware execution and data breaches. |
| Persistence | Maintaining Access | Techniques to maintain access within the system over time. | Long-term compromises and recurring security incidents. |
| Exfiltration | Data Theft | Unauthorized transfer of data out of the system. | Data breaches and loss of sensitive information. |
| Discovery | Information Gathering | Efforts to gather sensitive information about the environment. | Increased risk of targeted attacks due to exposed information. |
| Tamper Kernel | Kernel-Level Attacks | Modifying the kernel for malicious purposes. | Deep system compromises and difficult-to-detect threats. |
| Lateral Move | Network Movement | Moving within the network to access additional resources. | Broadening attack scope and accessing critical infrastructure. |