From 068378497a7461a6fb2cfbe04605809a62789a2e Mon Sep 17 00:00:00 2001 From: Shiv Bhagavatula Date: Wed, 10 Jan 2024 16:24:42 +0530 Subject: [PATCH] - Initial version of the actions --- actions/accuknox/preventLocalDNSHijack | 12 ++++++++++++ threats/mitre/dnsManipulation.yaml | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 actions/accuknox/preventLocalDNSHijack diff --git a/actions/accuknox/preventLocalDNSHijack b/actions/accuknox/preventLocalDNSHijack new file mode 100644 index 0000000..e44d18d --- /dev/null +++ b/actions/accuknox/preventLocalDNSHijack @@ -0,0 +1,12 @@ +title: preventLocalDNSHijack +description: This attack consists of modifying the /etc/resolv.conf file +to point to a malicious DNS server. The mitigation consists of having an security engine rule preventing writes to /etc/resolv.conf file +severity: high +tags: [5gcore, edge, accuknox] +references: + - name: MITRE FiGHT + url: https://fight.mitre.org/techniques/FGT5006 + - name: Hellfire + url: https://hellfire0x01.medium.com/get-familiar-with-dns-hijacking-2215a0a318d4 + - name: SecurityTrails + url: https://securitytrails.com/blog/preventing-domain-hijacking-10-steps-to-increase-your-domain-security diff --git a/threats/mitre/dnsManipulation.yaml b/threats/mitre/dnsManipulation.yaml index 9e4798d..002186e 100644 --- a/threats/mitre/dnsManipulation.yaml +++ b/threats/mitre/dnsManipulation.yaml @@ -1,7 +1,7 @@ title: DNS Manipulation description: An adversary can manipulate DNS requests to redirect network traffic and potentially reveal end user activity. severity: high -tags: [mitre, initial-access] +tags: [5gcore, edge, mitre, accuknox, initial-access] detectionMethods: - name: networkTraffic tag: [mitre, ds0029]
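Review bot: the new file actions/accuknox/preventLocalDNSHijack is not valid YAML as written, because the `description:` value spills onto a second line ("to point to a malicious DNS server. The mitigation consists of ...") that starts at column 0 with no indentation and no block-scalar indicator, so a parser will treat it as a new top-level mapping entry and fail on the missing `:`. Use a folded block scalar and indent the continuation, for example `description: >` followed by the two indented sentences, and while touching it fix "an security engine rule" to "a security engine rule" and "to /etc/resolv.conf file" to "to the /etc/resolv.conf file". Two smaller points on the same hunk: the file lacks the `.yaml` extension that the sibling threats/mitre/dnsManipulation.yaml uses, which any loader that globs on `*.yaml` will silently skip, and the description promises a rule preventing writes to /etc/resolv.conf but the action carries no rule definition or pointer to one, only references, so either add the rule (or the field that names it) or document that it lives elsewhere.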
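Review bot: the change to threats/mitre/dnsManipulation.yaml only widens the `tags` list to `[5gcore, edge, mitre, accuknox, initial-access]`; nothing in either file states that the new preventLocalDNSHijack action mitigates this threat, so the relationship is implied by shared tags alone. If the schema supports it, add an explicit mitigation or action reference on the threat (or a threat reference on the action) so the pairing survives later tag edits, and note in the commit message why a vendor tag (`accuknox`) belongs on a MITRE threat definition rather than only on the vendor action.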