interact with iptables

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: interact with iptables
    namespace: host-interaction/firewall
    authors:
      - joakim@intezer.com
    scopes:
      static: basic block
      dynamic: call
    att&ck:
      - Discovery::Software Discovery::Security Software Discovery [T1518.001]
      - Defense Evasion::Impair Defenses::Disable or Modify System Firewall [T1562.004]
  features:
    - and:
      - os: linux
      - api: system
      - substring: "iptables"

last edited: 2023-11-24 10:35:00