Detections

listen.dev provides comprehensive coverage against common attack vectors and known indicators of harmful behavior, as well as unknown and emerging threats. Below is an overview of the kinds of detections listen.dev provides.

If you have any custom requests for detections, please reach out at support@listen.dev.

| Category | Attack Vector | Description | Impact |
|---|---|---|---|
| Evasion | Security Bypass | Techniques to avoid detection by security measures. | Missed threats due to undetected activities. |
| Escalation | Privilege Gain | Unauthorized elevation of access privileges. | Compromised systems with unauthorized access. |
| App Hooking | Code Manipulation | Altering application behavior to execute malicious code. | Applications behaving unpredictably or executing malicious actions. |
| Kernel Hooking | Kernel Modifications | Changing kernel operations to hide malicious activities. | Kernel instability and hidden malicious processes. |
| Execution | Unauthorized Code Execution | Running unauthorized or malicious code within the environment. | Potential malware execution and data breaches. |
| Persistence | Maintaining Access | Techniques to maintain access within the system over time. | Long-term compromises and recurring security incidents. |
| Exfiltration | Data Theft | Unauthorized transfer of data out of the system. | Data breaches and loss of sensitive information. |
| Discovery | Information Gathering | Efforts to gather sensitive information about the environment. | Increased risk of targeted attacks due to exposed information. |
| Tamper Kernel | Kernel-Level Attacks | Modifying the kernel for malicious purposes. | Deep system compromises and difficult-to-detect threats. |
| Lateral Move | Network Movement | Moving within the network to access additional resources. | Broadening attack scope and accessing critical infrastructure. |

Value for Dev/Ops Workflows

  1. In-line Alerting & Remediation:

    • Get in-line notifications of suspicious activities, allowing for swift action to mitigate threats.

  2. Detailed Context & Intelligent Insights:

    • Access comprehensive information about detected threats, with context on their source and activity, to support threat analysis and forensics.

For more details on each detection and its configuration, please get in touch.

© 2024 Garnet Labs