add log files as lfs objects

jwindley · jwindley · commit 0d231bdded1e · 2025-12-16T12:00:57.000Z
diff --git a/.gitattributes b/.gitattributes
@@ -1,3 +1,6 @@
 *.json filter=lfs diff=lfs merge=lfs -text
 *.log filter=lfs diff=lfs merge=lfs -text
 *.log   text encoding=utf-8
+LICENSE filter=lfs diff=lfs merge=lfs -text
+README.md filter=lfs diff=lfs merge=lfs -text
+*log filter=lfs diff=lfs merge=lfs -text
diff --git a/datasets/attack_techniques/T1553.001/atomic_red_team/macos_gatekeeper_bypass_xattr/macos_gatekeeper_bypass_xattr.log b/datasets/attack_techniques/T1553.001/atomic_red_team/macos_gatekeeper_bypass_xattr/macos_gatekeeper_bypass_xattr.log
@@ -1,2 +1,3 @@
-{"name":"log_processes","hostIdentifier":"jamies-Virtual-Machine.local","calendarTime":"Mon Dec 15 15:24:32 2025 UTC","unixTime":1765812272,"epoch":0,"counter":2369,"numerics":false,"columns":{"cdhash":"673710e00b9bdf6667e88ac54f55c23416692d29","child_pid":"","cmdline":"/usr/bin/xattr -c myapp.app ","cmdline_count":"3","codesigning_flags":"","cwd":"/Users/jamie/atomic-red-team","egid":"0","env":"USER=root SUDO_UID=501 SHELL=/bin/sh LANG=en_GB.UTF-8 SUDO_USER=jamie TERM=xterm-256color LOGNAME=root PATH=/usr/local/microsoft/powershell/7:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin PSModulePath=/Users/jamie/.local/share/powershell/Modules:/usr/local/share/powershell/Modules:/usr/local/microsoft/powershell/7/Modules MAIL=/var/mail/root SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.g3GBt2ombP/Listeners __CF_USER_TEXT_ENCODING=0x0:0:2 SUDO_COMMAND=/usr/local/bin/pwsh SUDO_GID=20 HOME=/Users/jamie ","env_count":"15","euid":"0","event_type":"exec","exit_code":"","gid":"0","global_seq_num":"9729","original_parent":"2779","parent":"2779","parent_pidversion":"7083","path":"/usr/bin/xattr","pid":"3264","pidversion":"8256","platform_binary":"1","responsible_pid":"925","responsible_pidversion":"2459","seq_num":"4409","session_id":"926","signing_id":"com.apple.xattr","team_id":"","time":"1765812265","uid":"0","username":"root","version":"8"},"action":"added"}
-{"name":"log_processes","hostIdentifier":"jamies-Virtual-Machine.local","calendarTime":"Mon Dec 15 15:11:08 2025 UTC","unixTime":1765811468,"epoch":0,"counter":2286,"numerics":false,"columns":{"cdhash":"673710e00b9bdf6667e88ac54f55c23416692d29","child_pid":"","cmdline":"xattr -d com.apple.quarantine myapp.app ","cmdline_count":"4","codesigning_flags":"","cwd":"/private/tmp","egid":"0","env":"TERM=xterm-256color SHELL=/bin/sh USER=root SUDO_USER=jamie SUDO_UID=501 SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.g3GBt2ombP/Listeners __CF_USER_TEXT_ENCODING=0x0:0:2 MAIL=/var/mail/root PATH=/usr/local/microsoft/powershell/7:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin PSModulePath=/Users/jamie/.local/share/powershell/Modules:/usr/local/share/powershell/Modules:/usr/local/microsoft/powershell/7/Modules PWD=/private/tmp LANG=en_GB.UTF-8 SHLVL=1 HOME=/Users/jamie SUDO_COMMAND=/usr/local/bin/pwsh LOGNAME=root SUDO_GID=20 _=/usr/bin/xattr ","env_count":"18","euid":"0","event_type":"exec","exit_code":"","gid":"0","global_seq_num":"8939","original_parent":"2779","parent":"2779","parent_pidversion":"7083","path":"/usr/bin/xattr","pid":"3033","pidversion":"7696","platform_binary":"1","responsible_pid":"925","responsible_pidversion":"2459","seq_num":"4080","session_id":"926","signing_id":"com.apple.xattr","team_id":"","time":"1765811460","uid":"0","username":"root","version":"8"},"action":"added"}
+version https://git-lfs.github.com/spec/v1
+oid sha256:eed3cd1fcfd35b468a8326f4580800a64f54309121252111cd319d92f4329be7
+size 3352
diff --git a/datasets/attack_techniques/T1553.001/macos_gatekeeper_bypass_LSFileQuarantineEnabled/macos_gatekeeper_bypass_LSFileQuarantineEnabled.log b/datasets/attack_techniques/T1553.001/macos_gatekeeper_bypass_LSFileQuarantineEnabled/macos_gatekeeper_bypass_LSFileQuarantineEnabled.log
@@ -1 +1,3 @@
-{"name":"log_processes","hostIdentifier":"jamies-Virtual-Machine.local","calendarTime":"Mon Dec 15 15:33:40 2025 UTC","unixTime":1765812820,"epoch":0,"counter":2427,"numerics":false,"columns":{"cdhash":"7bfc830ea6042fc5185981292c3f8132fe1bdca7","child_pid":"","cmdline":"/usr/libexec/PlistBuddy -c \"Add :LSFileQuarantineEnabled bool false\" /Users/jamie/TestApp.app/Contents/Info.plist ","cmdline_count":"4","codesigning_flags":"","cwd":"/Users/jamie/atomic-red-team","egid":"20","env":"TERM_PROGRAM=Apple_Terminal SHELL=/bin/zsh TERM=xterm-256color TMPDIR=/var/folders/nk/s40ysrxj0nz9pq1gtwyv04040000gn/T/ TERM_PROGRAM_VERSION=455.1 TERM_SESSION_ID=B13E8812-EC11-4F13-8450-779CEF9D7288 USER=jamie SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.g3GBt2ombP/Listeners PATH=/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin __CFBundleIdentifier=com.apple.Terminal PWD=/Users/jamie/atomic-red-team XPC_FLAGS=0x0 XPC_SERVICE_NAME=0 SHLVL=1 HOME=/Users/jamie LOGNAME=jamie OLDPWD=/Users/jamie/atomic-red-team HOMEBREW_PREFIX=/opt/homebrew HOMEBREW_CELLAR=/opt/homebrew/Cellar HOMEBREW_REPOSITORY=/opt/homebrew INFOPATH=/opt/homebrew/share/info: LANG=en_GB.UTF-8 _=/usr/libexec/PlistBuddy ","env_count":"23","euid":"20","event_type":"exec","exit_code":"","gid":"20","global_seq_num":"10245","original_parent":"3183","parent":"3183","parent_pidversion":"8063","path":"/usr/libexec/PlistBuddy","pid":"3415","pidversion":"8621","platform_binary":"1","responsible_pid":"925","responsible_pidversion":"2459","seq_num":"4623","session_id":"3182","signing_id":"com.apple.PlistBuddy","team_id":"","time":"1765812815","uid":"501","username":"jamie","version":"8"},"action":"added"}
+version https://git-lfs.github.com/spec/v1
+oid sha256:2e2e29b722ab46aed1c4fb5c3c6a570ad298b10ef269d62c1b0c5fcf7d00b828
+size 1951
