
Commit 339ebb2

committed
Merge feat-expand: rule expansions, ancestry viz, audit log, alert forwarding, profiles
Full feature set implemented on feat-expand branch:

Rule expansions (master_rules.yaml + compiled_policy.json):
- BIN: tmate, ngrok, bore, cloudflared
- DOM: *.trycloudflare.com, bin.sh, bashupload.com
- PATH-LIN: /proc/*/mem, /sys/kernel/debug
- PATH-MAC: VS Code globalStorage
- HEU: Credential file sweep (5 opens in 30s)
- OUT: Encrypted private key, Vault token, Docker PAT, GCP SA JSON
- INJ: Simulated no-restriction jailbreak, HTML comment directive

Process ancestry visualization:
- monitor.py walks /proc up to 8 levels at alert time
- Ancestry parsed from log lines in app.py
- Fancy visual tree in alert detail sidecard (root→leaf, leaf in red)

Session audit log:
- HMAC-chained JSONL with verify_chain(), Audit Log tab in dashboard

Alert forwarding:
- Webhook dispatch with HMAC signature, REST API v1 for SIEM integration
- Settings UI: webhook management, API key generation with one-time display

Project profiles:
- Per-project security configs with CRUD, import/export JSON, settings backup

Compliance report:
- Downloadable JSON + HTML posture report (SOC 2 evidence)
2 parents efef008 + 4a10cdb commit 339ebb2


10 files changed

+2427
-30
lines changed


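--- a/builder/master_rules.yaml
+++ b/builder/master_rules.yaml
@@ -82,13 +82,16 @@ rule_metadata:
 PATH-MAC-028: { description: "Full Kubernetes config dir; kubeconfig and cached credentials for cluster access", severity: critical, category: security }
 PATH-MAC-029: { description: "pass password manager store; encrypted password vault", severity: critical, category: security }
 PATH-MAC-030: { description: "HashiCorp Vault local config; may contain Vault tokens", severity: high, category: security }
+PATH-MAC-031: { description: "VS Code global storage; contains extension secrets, tokens, and auth data", severity: high, category: security }
 
 PATH-LIN-019: { description: "Git credential store; plaintext git credentials cached by git-credential-store", severity: critical, category: security }
 PATH-LIN-020: { description: "Global git config; may contain credential helper tokens or signing keys", severity: high, category: security }
 PATH-LIN-021: { description: "Full Kubernetes config dir; kubeconfig and cached credentials for cluster access", severity: critical, category: security }
 PATH-LIN-022: { description: "pass password manager store; encrypted password vault", severity: critical, category: security }
 PATH-LIN-023: { description: "HashiCorp Vault local config; may contain Vault tokens", severity: high, category: security }
 PATH-LIN-024: { description: "Kubernetes in-pod secrets mount; cluster secrets injected at runtime", severity: critical, category: security }
+PATH-LIN-025: { description: "/proc/[pid]/mem; direct process memory read/write, bypasses file permissions and enables credential extraction", severity: critical, category: security }
+PATH-LIN-026: { description: "/sys/kernel/debug; kernel debug filesystem, implies CAP_SYS_ADMIN and enables kernel memory inspection", severity: critical, category: security }
 
 # Blocked domains (exfiltration staging / tunneling)
 DOM-021: { description: "Webhook receiver; free endpoint commonly used for data exfiltration PoCs", severity: high, category: security }
@@ -100,12 +103,19 @@ rule_metadata:
 DOM-027: { description: "Beeceptor; API mock / request intercept — exfiltration staging", severity: high, category: security }
 DOM-028: { description: "Burp Collaborator; OAST callback — used in exfiltration and SSRF PoCs", severity: high, category: security }
 DOM-029: { description: "Interactsh; open-source OAST interaction detection — exfiltration staging", severity: high, category: security }
+DOM-030: { description: "Cloudflare quick tunnels; ephemeral public URLs for local services — exfiltration and reverse shell delivery", severity: critical, category: security }
+DOM-031: { description: "bin.sh; pastebin-style code execution site, payload staging and exfiltration", severity: high, category: security }
+DOM-032: { description: "bashupload.com; anonymous file upload service, exfiltration endpoint with no authentication", severity: high, category: security }
 
 # Blocked IPs (C2)
 IP-007: { description: "Known C2 IP (Adversa AI IOC database)", severity: critical, category: security }
 
 # Blocked executables
 BIN-029: { description: "doas; OpenBSD sudo alternative, privilege escalation", severity: critical, category: security }
+BIN-030: { description: "tmate; terminal sharing over SSH, covert remote access vector", severity: critical, category: security }
+BIN-031: { description: "ngrok; tunnel creation executable, enables reverse shells and covert C2 channels", severity: critical, category: security }
+BIN-032: { description: "bore; modern tunnel alternative to ngrok for exposing local ports", severity: critical, category: security }
+BIN-033: { description: "cloudflared; Cloudflare tunnel client, creates persistent outbound tunnels for covert access", severity: critical, category: security }
 
 # Linux deny rules — new
 LIN-058: { description: "Python exec injection; python -c with exec() call — arbitrary code execution", severity: critical, category: security }
@@ -360,6 +370,7 @@ rule_metadata:
 # HEU-CRD-001: deferred (path-based openat)
 # HEU-CRD-002: deferred (env var reads require ptrace; not feasible in eBPF)
 HEU-CRD-003: { description: "SSH Agent Hijack — agent accesses SSH_AUTH_SOCK or calls ssh-add with foreign keys", severity: critical, category: heuristics, subcategory: credential, platform_support: { linux: full, macos: partial } }
+HEU-CRD-004: { description: "Credential File Sweep — agent opens .env, .aws/credentials, .npmrc, .pypirc, or .netrc files >5 times in 30s (multi-source credential harvesting)", severity: critical, category: heuristics, subcategory: credential, platform_support: { linux: full, macos: none } }
 
 # ── Blocked paths ──────────────────────────────────────────────────────────
 # Sensitive credential stores and system files an AI agent should never touch.
@@ -400,6 +411,7 @@ blocked_paths:
 PATH-MAC-028: "~/.kube"
 PATH-MAC-029: "~/.password-store"
 PATH-MAC-030: "~/.vault"
+PATH-MAC-031: "~/Library/Application Support/Code/User/globalStorage"
 linux:
 PATH-LIN-001: "/root/.ssh"
 PATH-LIN-002: "/etc/shadow"
@@ -427,6 +439,8 @@ blocked_paths:
 PATH-LIN-022: "/home/*/.password-store"
 PATH-LIN-023: "/home/*/.vault"
 PATH-LIN-024: "/var/run/secrets"
+PATH-LIN-025: "/proc/[0-9]*/mem"
+PATH-LIN-026: "/sys/kernel/debug"
 
 # ── Blocked domains ───────────────────────────────────────────────────────
 # Known mining pools and C2 infrastructure. The threat feed adds more.
@@ -464,6 +478,9 @@ blocked_domains:
 DOM-027: "beeceptor.com"
 DOM-028: "burpcollaborator.net"
 DOM-029: "interactsh.com"
+DOM-030: "*.trycloudflare.com"
+DOM-031: "bin.sh"
+DOM-032: "bashupload.com"
 
 # ── Blocked IPs ───────────────────────────────────────────────────────────
 # Known malicious IP addresses. Monitored on macOS, blocked via eBPF on Linux.
@@ -517,6 +534,11 @@ blocked_executables:
 BIN-028: "mkfs"
 # Privilege escalation alternatives
 BIN-029: "doas"
+# Tunneling / covert remote access
+BIN-030: "tmate"
+BIN-031: "ngrok"
+BIN-032: "bore"
+BIN-033: "cloudflared"
 
 malicious_hashes: {}
 
@@ -1339,3 +1361,9 @@ heuristics:
 action: "enforce"
 threshold: 1
 window_seconds: 0
+HEU-CRD-004:
+name: "Credential File Sweep"
+description: "Agent opens .env, .aws/credentials, .npmrc, .pypirc, or .netrc files >5 times in 30s (multi-source credential harvesting)."
+action: "enforce"
+threshold: 5
+window_seconds: 30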
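Review bot: The HEU-CRD-004 heuristic added in the last hunk sets `threshold: 5` while its own description (and the rule_metadata line for HEU-CRD-004) says the rule fires when files are opened `>5 times in 30s`; whether five or six opens trigger enforcement depends on how the engine compares the counter, which is outside this diff, so the two should be reconciled, e.g. `description: "... files 5 or more times in 30s ..."` or `threshold: 6`. The same wording is compiled into deploy/compiled_policy.json in this commit. Separately, the new PATH-LIN-025 glob `/proc/[0-9]*/mem` only matches numeric PID directories; if the path matcher tests the literal path rather than a canonicalized one, the `/proc/self/mem` and `/proc/thread-self/mem` aliases would not match, so either confirm paths are resolved before matching or add those aliases as explicit entries.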

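--- a/deploy/compiled_policy.json
+++ b/deploy/compiled_policy.json
@@ -29,7 +29,11 @@
 "BIN-026": "ltrace",
 "BIN-027": "ptrace",
 "BIN-028": "mkfs",
-"BIN-029": "doas"
+"BIN-029": "doas",
+"BIN-030": "tmate",
+"BIN-031": "ngrok",
+"BIN-032": "bore",
+"BIN-033": "cloudflared"
 },
 "blocked_domains": {
 "DOM-001": "pool.supportxmr.com",
@@ -60,7 +64,10 @@
 "DOM-026": "hookbin.com",
 "DOM-027": "beeceptor.com",
 "DOM-028": "burpcollaborator.net",
-"DOM-029": "interactsh.com"
+"DOM-029": "interactsh.com",
+"DOM-030": "*.trycloudflare.com",
+"DOM-031": "bin.sh",
+"DOM-032": "bashupload.com"
 },
 "blocked_ips": {
 "IP-001": "51.222.161.168",
@@ -96,7 +103,9 @@
 "PATH-LIN-021": "/home/*/.kube",
 "PATH-LIN-022": "/home/*/.password-store",
 "PATH-LIN-023": "/home/*/.vault",
-"PATH-LIN-024": "/var/run/secrets"
+"PATH-LIN-024": "/var/run/secrets",
+"PATH-LIN-025": "/proc/[0-9]*/mem",
+"PATH-LIN-026": "/sys/kernel/debug"
 },
 "macos": {
 "PATH-MAC-001": "~/.ssh",
@@ -128,7 +137,8 @@
 "PATH-MAC-027": "~/.gitconfig",
 "PATH-MAC-028": "~/.kube",
 "PATH-MAC-029": "~/.password-store",
-"PATH-MAC-030": "~/.vault"
+"PATH-MAC-030": "~/.vault",
+"PATH-MAC-031": "~/Library/Application Support/Code/User/globalStorage"
 }
 },
 "deny_rules": {
@@ -824,6 +834,11 @@
 "severity": "high",
 "category": "security"
 },
+"PATH-MAC-031": {
+"description": "VS Code global storage; contains extension secrets, tokens, and auth data",
+"severity": "high",
+"category": "security"
+},
 "PATH-LIN-019": {
 "description": "Git credential store; plaintext git credentials cached by git-credential-store",
 "severity": "critical",
@@ -854,6 +869,16 @@
 "severity": "critical",
 "category": "security"
 },
+"PATH-LIN-025": {
+"description": "/proc/[pid]/mem; direct process memory read/write, bypasses file permissions and enables credential extraction",
+"severity": "critical",
+"category": "security"
+},
+"PATH-LIN-026": {
+"description": "/sys/kernel/debug; kernel debug filesystem, implies CAP_SYS_ADMIN and enables kernel memory inspection",
+"severity": "critical",
+"category": "security"
+},
 "DOM-021": {
 "description": "Webhook receiver; free endpoint commonly used for data exfiltration PoCs",
 "severity": "high",
@@ -899,6 +924,21 @@
 "severity": "high",
 "category": "security"
 },
+"DOM-030": {
+"description": "Cloudflare quick tunnels; ephemeral public URLs for local services \u2014 exfiltration and reverse shell delivery",
+"severity": "critical",
+"category": "security"
+},
+"DOM-031": {
+"description": "bin.sh; pastebin-style code execution site, payload staging and exfiltration",
+"severity": "high",
+"category": "security"
+},
+"DOM-032": {
+"description": "bashupload.com; anonymous file upload service, exfiltration endpoint with no authentication",
+"severity": "high",
+"category": "security"
+},
 "IP-007": {
 "description": "Known C2 IP (Adversa AI IOC database)",
 "severity": "critical",
@@ -909,6 +949,26 @@
 "severity": "critical",
 "category": "security"
 },
+"BIN-030": {
+"description": "tmate; terminal sharing over SSH, covert remote access vector",
+"severity": "critical",
+"category": "security"
+},
+"BIN-031": {
+"description": "ngrok; tunnel creation executable, enables reverse shells and covert C2 channels",
+"severity": "critical",
+"category": "security"
+},
+"BIN-032": {
+"description": "bore; modern tunnel alternative to ngrok for exposing local ports",
+"severity": "critical",
+"category": "security"
+},
+"BIN-033": {
+"description": "cloudflared; Cloudflare tunnel client, creates persistent outbound tunnels for covert access",
+"severity": "critical",
+"category": "security"
+},
 "LIN-058": {
 "description": "Python exec injection; python -c with exec() call \u2014 arbitrary code execution",
 "severity": "critical",
@@ -2083,6 +2143,20 @@
 "linux": "full",
 "macos": "partial"
 }
+},
+"HEU-CRD-004": {
+"description": "Credential File Sweep \u2014 agent opens .env, .aws/credentials, .npmrc, .pypirc, or .netrc files >5 times in 30s (multi-source credential harvesting)",
+"severity": "critical",
+"category": "heuristics",
+"subcategory": "credential",
+"platform_support": {
+"linux": "full",
+"macos": "none"
+}
+},
+"IP-006": {
+"description": "Community threat intelligence",
+"severity": "high"
 }
 },
 "heuristics": {
@@ -2365,7 +2439,14 @@
 "action": "enforce",
 "threshold": 1,
 "window_seconds": 0
+},
+"HEU-CRD-004": {
+"name": "Credential File Sweep",
+"description": "Agent opens .env, .aws/credentials, .npmrc, .pypirc, or .netrc files >5 times in 30s (multi-source credential harvesting).",
+"action": "enforce",
+"threshold": 5,
+"window_seconds": 30
 }
 },
-"_signature": "816d51f65be1525f7d3118e522357ba8d5725b3cf1abda67f4592f98e87a9110"
+"_signature": "3110b9b7c143e59c0c746006f368d10b97e592f3a6c78c59ebf0025b70657589"
 }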
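Review bot: The `"IP-006"` rule_metadata entry added in the `@@ -2083,6 +2143,20 @@` hunk carries only `description` and `severity` and omits the `category` field that every other entry in this file has, and IP-006 does not appear anywhere in builder/master_rules.yaml in this commit. If compiled_policy.json is produced by the builder from master_rules.yaml plus a threat feed, the generator should emit `"category": "security"` for feed-derived IPs so consumers that group or filter by category do not silently drop the rule; if the entry was hand-edited into the compiled output, it will disappear on the next compile and the `_signature` will have to be regenerated again. The HEU-CRD-004 heuristics block in the last hunk also has `"threshold": 5` beside a description saying `>5 times in 30s`, the same inconsistency as in the YAML source.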
