Detection Engine
Last updated
Last updated
© 2024 Garnet Labs
listen.dev provides comprehensive coverage against common attack vectors and known indicators of harmful behavior, as well as unknown and emerging threats. Below is an overview of the kind of detections listen.dev provides.
If you have any custom requests for detection rules or customization, please reach out at support@listen.dev
Below are the high level detection categories covered. For more details into each type of detection, please see the comprehensive list here
| Category | Attack Vector | Description | Impact |
|---|---|---|---|
Evasion
Security Bypass
Techniques to avoid detection by security measures.
Missed threats due to undetected activities.
Escalation
Privilege Gain
Unauthorized elevation of access privileges.
Compromised systems with unauthorized access.
App Hooking
Code Manipulation
Altering application behavior to execute malicious code.
Applications behaving unpredictably or executing malicious actions.
Kernel Hooking
Kernel Modifications
Changing kernel operations to hide malicious activities.
Kernel instability and hidden malicious processes.
Execution
Unauthorized Code Execution
Running unauthorized or malicious code within the environment.
Potential malware execution and data breaches.
Persistence
Maintaining Access
Techniques to maintain access within the system over time.
Long-term compromises and recurring security incidents.
Exfiltration
Data Theft
Unauthorized transfer of data out of the system.
Data breaches and loss of sensitive information.
Discovery
Information Gathering
Efforts to gather sensitive information about the environment.
Increased risk of targeted attacks due to exposed information.
Tamper Kernel
Kernel-Level Attacks
Modifying the kernel for malicious purposes.
Deep system compromises and difficult-to-detect threats.
Lateral Move
Network Movement
Moving within the network to access additional resources.
Broadening attack scope and accessing critical infrastructure.