Jibril: Runtime Security Engine

At the core, listen.dev is powered by Jibril - a new architecutre for runtime security that we have developed in house. You can read more about the Jibril project on its page: https://listendev.github.io/jibril/dev/ and follow community discussions at https://github.com/listendev/jibril-releases/discussions. Jibril uses the concept of detection recipies--think of them as behavioral signals in a temporal context. In case of an attack chain, it would be the series of signals observed in context

If you have any custom requests for detection rules or customization, please reach out at support@listen.dev

Below is an example of the kind of detections Jibril comes with out of the box. For more up to date info on our detection coverage and roadmap, visit the Detailed Detection Page.

Category
Attack Vector
Description
Impact

Evasion

Security Bypass

Techniques to avoid detection by security measures.

Missed threats due to undetected activities.

Escalation

Privilege Gain

Unauthorized elevation of access privileges.

Compromised systems with unauthorized access.

App Hooking

Code Manipulation

Altering application behavior to execute malicious code.

Applications behaving unpredictably or executing malicious actions.

Kernel Hooking

Kernel Modifications

Changing kernel operations to hide malicious activities.

Kernel instability and hidden malicious processes.

Execution

Unauthorized Code Execution

Running unauthorized or malicious code within the environment.

Potential malware execution and data breaches.

Persistence

Maintaining Access

Techniques to maintain access within the system over time.

Long-term compromises and recurring security incidents.

Exfiltration

Data Theft

Unauthorized transfer of data out of the system.

Data breaches and loss of sensitive information.

Discovery

Information Gathering

Efforts to gather sensitive information about the environment.

Increased risk of targeted attacks due to exposed information.

Tamper Kernel

Kernel-Level Attacks

Modifying the kernel for malicious purposes.

Deep system compromises and difficult-to-detect threats.

Lateral Move

Network Movement

Moving within the network to access additional resources.

Broadening attack scope and accessing critical infrastructure.

Last updated