diff --git a/content/oscar/techniques/T0112 - Compromised token.yaml b/content/oscar/techniques/T0112 - Compromised token.yaml index 8eca565..fe76963 100644 --- a/content/oscar/techniques/T0112 - Compromised token.yaml +++ b/content/oscar/techniques/T0112 - Compromised token.yaml @@ -35,7 +35,7 @@ detections: - D1262 - D1500 -subtechniques: +subTechniques: - T0105 references: diff --git a/content/oscar/techniques/T0129 - Typosquatting.yaml b/content/oscar/techniques/T0129 - Typosquatting.yaml index 2817d03..45d93fc 100644 --- a/content/oscar/techniques/T0129 - Typosquatting.yaml +++ b/content/oscar/techniques/T0129 - Typosquatting.yaml @@ -28,7 +28,7 @@ detections: - D1510 - D1520 -subtechinques: +subTechniques: - T0157 references: diff --git a/content/oscar/techniques/T0130 - Harvest secrets from logs.yaml b/content/oscar/techniques/T0130 - Harvest secrets from logs.yaml index 7cd94fc..44624e1 100644 --- a/content/oscar/techniques/T0130 - Harvest secrets from logs.yaml +++ b/content/oscar/techniques/T0130 - Harvest secrets from logs.yaml @@ -28,7 +28,7 @@ detections: - D1510 - D1590 -subtechinques: +subTechniques: - T0162 references: diff --git a/content/oscar/techniques/T0165 - Create access token.yaml b/content/oscar/techniques/T0165 - Create access token.yaml index 5525f3e..ff2968f 100644 --- a/content/oscar/techniques/T0165 - Create access token.yaml +++ b/content/oscar/techniques/T0165 - Create access token.yaml @@ -23,7 +23,7 @@ mitigations: detections: - D1650 -refrences: +references: - https://circleci.com/blog/jan-4-2023-incident-report/ metadata: diff --git a/content/oscar/techniques/T0176 - Misconfiguration of security measures.yaml b/content/oscar/techniques/T0176 - Misconfiguration of security measures.yaml index d08de63..36a7c2a 100644 --- a/content/oscar/techniques/T0176 - Misconfiguration of security measures.yaml +++ b/content/oscar/techniques/T0176 - Misconfiguration of security measures.yaml 
@@ -30,7 +30,7 @@ detections: - D1510 - D1520 -subtechinques: +subTechniques: - T0144 - T0146 diff --git a/content/templates/stories/AS1 - Webmin 1.900 RCE.yaml b/content/templates/stories/AS1 - Webmin 1.900 RCE.yaml index 3e3f682..098e898 100644 --- a/content/templates/stories/AS1 - Webmin 1.900 RCE.yaml +++ b/content/templates/stories/AS1 - Webmin 1.900 RCE.yaml @@ -19,8 +19,8 @@ attacks: - tactic: Initial Access - technique: - - techid: T0191 - - techname: Malicious Code In Artifacts + - techniqueID: T0191 + - techName: Malicious Code In Artifacts - tactic: Impact - comment: The attackers infected the webmin code with a backdoor that allowed remote code execution. - technique: diff --git a/content/website/matrix.json b/content/website/matrix.json index c728f42..ea23632 100644 --- a/content/website/matrix.json +++ b/content/website/matrix.json @@ -11,7 +11,7 @@ "tooltip": "Services(Servers) compromise", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -25,7 +25,7 @@ "tooltip": "Compromised token", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -38,7 +38,7 @@ "tooltip": "Vulnerability in third-party dependency", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -49,7 +49,7 @@ "tooltip": "Combosquatting", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -60,7 +60,7 @@ "tooltip": "Exposed internal API", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -71,7 +71,7 @@ "tooltip": "Compromised developer workstation", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ 
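Review bot: The renamed keys in the AS1 story hunk mix two conventions, `techniqueID` (full word, upper-case ID) and `techName` (abbreviated), while the Python touched by this same commit settles on `tacticId`. Choosing one form, for example `techniqueId` and `techniqueName`, would keep the story schema predictable for whatever parses it. No hunk visible here updates a reader of the old `techid`/`techname` keys, so it is worth confirming that generate_attack_story does not still look them up.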
@@ -82,7 +82,7 @@ "tooltip": "Brandjacking", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -94,7 +94,7 @@ "tooltip": "Weak authentication methods", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -104,7 +104,7 @@ "tooltip": "Malicious module injection", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -115,7 +115,7 @@ "tooltip": "Vulnerable CICD template", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -128,7 +128,7 @@ "tooltip": "Compromised service account", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -141,7 +141,7 @@ "tooltip": "Compromised user account", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -151,7 +151,7 @@ "tooltip": "Vulnerable CICD plugins", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -161,7 +161,7 @@ "tooltip": "Exposed WebHook", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -171,7 +171,7 @@ "tooltip": "Vulnerable CICD system", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -183,7 +183,7 @@ "tooltip": "External user accounts", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -194,7 +194,7 @@ "tooltip": "Repojacking", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ 
@@ -205,7 +205,7 @@ "tooltip": "Exposed database", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -216,7 +216,7 @@ "tooltip": "Permissive network access", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -226,7 +226,7 @@ "tooltip": "Malicious IDE extension", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -237,7 +237,7 @@ "tooltip": "Typosquatting", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -248,7 +248,7 @@ "tooltip": "Exposed storage", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -264,11 +264,11 @@ "tooltip": "Shadow IT", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Initial Access" + "tooltip": "Initial Access" }, "Reconnaissance": { "items": [ @@ -282,7 +282,7 @@ "tooltip": "Discover naming conventions", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -294,7 +294,7 @@ "tooltip": "Discover technology stacks", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -305,7 +305,7 @@ "tooltip": "Discover coding flaws", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -316,7 +316,7 @@ "tooltip": "Scan configuration on public resources", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ 
@@ -326,7 +326,7 @@ "tooltip": "Scan public CICD configurations for secrets and vulnerable actions", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -338,7 +338,7 @@ "tooltip": "Scan public artifacts for secrets", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -349,7 +349,7 @@ "tooltip": "Discover internal artifacts names", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -359,7 +359,7 @@ "tooltip": "Accidental public disclosure of internal resources", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -369,7 +369,7 @@ "tooltip": "Active scanning", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -381,11 +381,11 @@ "tooltip": "Discover used open-source dependencies", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Reconnaissance" + "tooltip": "Reconnaissance" }, "Persistence": { "items": [ @@ -397,7 +397,7 @@ "tooltip": "Recursive PR", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -407,7 +407,7 @@ "tooltip": "Scheduled TaskJob on self hosted runner", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -417,7 +417,7 @@ "tooltip": "Deploy keys", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -430,7 +430,7 @@ "tooltip": "Create access token", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ 
@@ -442,7 +442,7 @@ "tooltip": "Backdoor in code", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -452,7 +452,7 @@ "tooltip": "Untagged resources", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -462,7 +462,7 @@ "tooltip": "Implant in zombie instance", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -473,11 +473,11 @@ "tooltip": "Add user", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Persistence" + "tooltip": "Persistence" }, "Defense Evasion": { "items": [ @@ -489,7 +489,7 @@ "tooltip": "Misconfigured traffic log settings", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -500,7 +500,7 @@ "tooltip": "Bypass Review using admin permission", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -510,7 +510,7 @@ "tooltip": "SaaS sprawl", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -520,7 +520,7 @@ "tooltip": "Misconfiguration of security measures", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -532,7 +532,7 @@ "tooltip": "Misconfigured audit logs settings", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -543,11 +543,11 @@ "tooltip": "Malicious CompilerInterpreter", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Defense Evasion" + "tooltip": "Defense Evasion" }, "Resource Development": { "items": [ 
@@ -559,7 +559,7 @@ "tooltip": "Forge developer reputation", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -570,7 +570,7 @@ "tooltip": "Malicious code contribution to an open-source repository", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -581,7 +581,7 @@ "tooltip": "Compromised legitimate artifact", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -592,7 +592,7 @@ "tooltip": "Advertise malicious artifact", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -603,7 +603,7 @@ "tooltip": "Publish malicious artifact", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -614,11 +614,11 @@ "tooltip": "Accounts in public registry", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Resource Development" + "tooltip": "Resource Development" }, "Credential Access": { "items": [ @@ -634,7 +634,7 @@ "tooltip": "Dump tokens from the environment variable", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -645,7 +645,7 @@ "tooltip": "Passwords in CICD logs", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -656,7 +656,7 @@ "tooltip": "Dumping short-lived token", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -668,7 +668,7 @@ "tooltip": "Passwords in application logs", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ 
@@ -679,7 +679,7 @@ "tooltip": "Harvest secrets from logs", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -689,7 +689,7 @@ "tooltip": "Steal credentials in container artifacts", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -701,7 +701,7 @@ "tooltip": "Runtime leakage of password", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -712,11 +712,11 @@ "tooltip": "Dumping credentials from files", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Credential Access" + "tooltip": "Credential Access" }, "Execution": { "items": [ @@ -728,7 +728,7 @@ "tooltip": "SQL injection", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -738,7 +738,7 @@ "tooltip": "Installation scripts", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -748,7 +748,7 @@ "tooltip": "Cross-site scripting", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -759,7 +759,7 @@ "tooltip": "Malicious artifact execution", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -769,7 +769,7 @@ "tooltip": "IDE", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -779,7 +779,7 @@ "tooltip": "Package Manager", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ 
@@ -791,7 +791,7 @@ "tooltip": "Runtime Backdoor", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -801,7 +801,7 @@ "tooltip": "Cloud workload", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -811,7 +811,7 @@ "tooltip": "Auto merge rules in SCM", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -821,7 +821,7 @@ "tooltip": "Command injection", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -833,7 +833,7 @@ "tooltip": "Runtime logic bomb", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -845,7 +845,7 @@ "tooltip": "Dependency confusion", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -856,11 +856,11 @@ "tooltip": "Trigger pipeline execution", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Execution" + "tooltip": "Execution" }, "Collection": { "items": [ @@ -873,7 +873,7 @@ "tooltip": "Unencrypted data at transit", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -884,11 +884,11 @@ "tooltip": "Unencrypted data at rest", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Collection" + "tooltip": "Collection" }, "Lateral Movement": { "items": [ @@ -903,7 +903,7 @@ "tooltip": "Overprivileged user account", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ 
@@ -914,11 +914,11 @@ "tooltip": "Push implants across repositories", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Lateral Movement" + "tooltip": "Lateral Movement" }, "Exfiltration": { "items": [ @@ -930,7 +930,7 @@ "tooltip": "Source code", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -940,7 +940,7 @@ "tooltip": "Webhook", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -950,11 +950,11 @@ "tooltip": "Bypass of outbound traffic control", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Exfiltration" + "tooltip": "Exfiltration" }, "Privilege Escalation": { "items": [ @@ -967,7 +967,7 @@ "tooltip": "Runnersagents running with high user privileges", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -978,11 +978,11 @@ "tooltip": "Inject malicious dependency to privileged user repository", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Privilege Escalation" + "tooltip": "Privilege Escalation" }, "Impact": { "items": [ @@ -996,7 +996,7 @@ "tooltip": "Resource hijacking", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -1006,7 +1006,7 @@ "tooltip": "Delete repositories for DoS", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ 
@@ -1016,10 +1016,10 @@ "tooltip": "Misconfiguration of serverless workloads", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Impact" + "tooltip": "Impact" } } \ No newline at end of file diff --git a/helpers/create_pbom_release.py b/helpers/create_pbom_release.py index bab13c3..64d7f6a 100644 --- a/helpers/create_pbom_release.py +++ b/helpers/create_pbom_release.py @@ -1,9 +1,10 @@ -import yaml -import json +import argparse import glob -import os +import json import logging -import argparse +import os + +import yaml logger = logging.getLogger(__name__) formatter = logging.Formatter('%(asctime)s - %(funcName)s:%(lineno)d - %(levelname)s - %(message)s') @@ -25,12 +26,14 @@ "Collection": "TA10", "Exfiltration": "TA11", "Impact": "TA12" - } +} + class PageGenerator(object): ''' This class will generate the full page for a technique with all the mitigations and detections ''' + def __init__(self, mitigation_path, detection_path): self.mitigation_path = mitigation_path self.detection_path = detection_path @@ -44,7 +47,7 @@ def read_mitigation(self): j = self.yaml_to_json(fname) d[j['id']] = j return d - + def read_detection(self): d = {} files_glob = glob.glob(os.path.join(self.detection_path, '*.yaml')) @@ -53,13 +56,12 @@ def read_detection(self): d[j['id']] = j return d - - def yaml_to_json(self,yaml_file): + + def yaml_to_json(self, yaml_file): with open(yaml_file, 'r') as f: data = yaml.load(f, Loader=yaml.FullLoader) return data - def generate(self, tech_fname): # save_to_file will save the mitigation and detection files to the mitigation_path and detection_path 
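Review bot: `PageGenerator.yaml_to_json` is re-spaced in the `@@ -53,13 +56,12 @@` hunk but still parses with `yaml.load(f, Loader=yaml.FullLoader)`, and the module-level `yaml_to_json` in the `@@ -105,9 +106,10 @@` hunk keeps the same call. FullLoader accepts a wider set of YAML tags than these mitigation, detection and technique files need, whereas generate_attack_story and generate_matrix in this file already use `yaml.SafeLoader`. If the content directory accepts contributed files, `data = yaml.safe_load(f)` in both places would limit parsing to plain mappings, lists and scalars and make the file consistent.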
@@ -73,27 +75,26 @@ def generate(self, tech_fname): try: tech['mitigations'].append(self.mitigations[m]) except KeyError: - #logger.error(f"No mitigations in {tech_fname}") + # logger.error(f"No mitigations in {tech_fname}") pass - + for d in j['detections']: try: tech['detections'].append(self.detections[d]) except KeyError: - #logger.error(f"No detections in {tech_fname}") + # logger.error(f"No detections in {tech_fname}") pass - return tech - def parse_args(): parser = argparse.ArgumentParser(description='Create PBOM release') parser.add_argument('-s', '--source', help='OSCAR source path', required=True) parser.add_argument('-d', '--dest', help='PBOM data destination path', required=True) return parser.parse_args() + def setup_directory(pbom_data_path): logger.info("Creating directories") try: @@ -105,9 +106,10 @@ def setup_directory(pbom_data_path): except: logger.error("Can't create directory") + def yaml_to_json(yaml_file): with open(yaml_file, 'r') as f: - data = yaml.load(f, Loader=yaml.FullLoader) + data = yaml.load(f, Loader=yaml.FullLoader) return data 
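Review bot: Both `except KeyError:` branches in generate() still end in `pass` with the only diagnostic commented out, so a technique that references a mitigation or detection id with no matching file is published with that entry silently missing. The commit only re-spaces the comment; replacing it with `logger.warning("Unknown mitigation id %s in %s", m, tech_fname)`, and the detection equivalent with `d`, would surface broken references at release time. The old message text ("No mitigations in ...") would also be misleading, since the failure is a single unknown id rather than an empty list. generate() starts before this hunk.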
@@ -126,22 +128,26 @@ def create_release(oscar_source_path, pbom_data_path): # transform mitigations and detections to json and save to the pbom_data directory logger.info("Copying mitigations and detections to pbom_data directory") - for fname in glob.glob(os.path.join(oscar_source_path, "mitigations","*.yaml")): - with open(os.path.join(pbom_data_path, 'pbom_data', 'mitigations', fname.split('/')[-1].replace('.yaml', '.json')), 'w') as f: + for fname in glob.glob(os.path.join(oscar_source_path, "mitigations", "*.yaml")): + with open(os.path.join(pbom_data_path, 'pbom_data', 'mitigations', + fname.split('/')[-1].replace('.yaml', '.json')), 'w') as f: json.dump(yaml_to_json(fname), f, indent=4) - for fname in glob.glob(os.path.join(oscar_source_path, "detections","*.yaml")): - with open(os.path.join(pbom_data_path, 'pbom_data', 'detections', fname.split('/')[-1].replace('.yaml', '.json')), 'w') as f: + for fname in glob.glob(os.path.join(oscar_source_path, "detections", "*.yaml")): + with open( + os.path.join(pbom_data_path, 'pbom_data', 'detections', fname.split('/')[-1].replace('.yaml', '.json')), + 'w') as f: json.dump(yaml_to_json(fname), f, indent=4) - + p = PageGenerator(os.path.join(oscar_source_path, 'mitigations'), os.path.join(oscar_source_path, 'detections')) - - for tech_fname in glob.glob(os.path.join(oscar_source_path, "techniques","*.yaml")): + + for tech_fname in glob.glob(os.path.join(oscar_source_path, "techniques", "*.yaml")): full_page = p.generate(tech_fname) # save to file - with open(os.path.join(pbom_data_path, 'pbom_data', 'techniques', tech_fname.split('/')[-1].replace('.yaml', '.json')), 'w') as f: + with open(os.path.join(pbom_data_path, 'pbom_data', 'techniques', + tech_fname.split('/')[-1].replace('.yaml', '.json')), 'w') as f: json.dump(full_page, f, indent=4) - + # generate attack story logger.info("Generating attack story") generate_attack_story(oscar_source_path, pbom_data_path) 
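Review bot: The rewrapped `open(...)` calls in create_release still build the output name with `fname.split('/')[-1].replace('.yaml', '.json')`, which keeps the whole path on a platform whose separator is not `/` and rewrites `.yaml` anywhere in the name rather than only the suffix. `os.path.splitext(os.path.basename(fname))[0] + '.json'` does both steps exactly, and `os` is already imported. The same expression appears in the `@@ -206,9 +212,10 @@` hunk of generate_attack_story, so one small helper shared by all four call sites would also remove the need for the awkward line wraps. create_release starts before this hunk.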
@@ -166,7 +172,7 @@ def generate_attack_story(oscar_source_path, pbom_data_path): # read yaml file y = yaml.load(f, Loader=yaml.SafeLoader) # convert to json - #print(y) + # print(y) j = { "name": y['summary'], "description": y['description'], @@ -206,9 +212,10 @@ def generate_attack_story(oscar_source_path, pbom_data_path): # sort techniques by attack_index and tactic j['techniques'] = sorted(j['techniques'], key=lambda k: (k['attack_index'], TACTICS_ENUM[k['tactic']])) - + # save to json - with open(os.path.join(pbom_data_path, 'pbom_data', 'campaigns', filename.split('/')[-1].replace('.yaml', '.json')), 'w') as f: + with open(os.path.join(pbom_data_path, 'pbom_data', 'campaigns', + filename.split('/')[-1].replace('.yaml', '.json')), 'w') as f: f.write(json.dumps(j, indent=4)) story_list.append({ "name": j['name'], @@ -216,14 +223,13 @@ def generate_attack_story(oscar_source_path, pbom_data_path): }) # sort story list techniques by index and TACTICS_ENUM - #story_list = sorted(story_list['techniques'], key=lambda k: (k['index'], TACTICS_ENUM[k['tactic']])) + # story_list = sorted(story_list['techniques'], key=lambda k: (k['index'], TACTICS_ENUM[k['tactic']])) # save story list with open(os.path.join(pbom_data_path, 'pbom_data', 'campaigns', 'story_list.json'), 'w') as f: f.write(json.dumps(story_list, indent=4)) - def generate_matrix(oscar_source_path, pbom_data_path): j = {} tech_path = os.path.join(oscar_source_path, 'techniques') 
@@ -234,36 +240,36 @@ def generate_matrix(oscar_source_path, pbom_data_path): # read yaml file y = yaml.load(f, Loader=yaml.SafeLoader) # convert to json - #print(y) + # print(y) if y['tactic'] not in j: j[y['tactic']] = {"items": [], "amount": 0, "tooltip": y['tactic'], - "tacticid": TACTICS_ENUM[y['tactic']]} + "tacticId": TACTICS_ENUM[y['tactic']]} + + # default subTechniques - # default subtechniques - - y.setdefault('subtechinques', []) + y.setdefault('subTechniques', []) item = {"tags": y['realm'], - "id": y['id'], - "name": y['summary'], - "tooltip": y['summary'], - "url": f"https://pbom.dev/techniques/&t_id={y['id']}", - "description": y['description'], - #"subTechniques": [] if y['subtechinques']==[None] else y['subtechinques'], - #"subTechniuqesAmount": len([] if y['subtechinques']==[None] else y['subtechinques']), - "version": "1.0", - "created": "1970-01-01T00:00:00", - "updated": "1970-01-01T00:00:00", - "contributors": ["OscarTheGrouch"] - } + "id": y['id'], + "name": y['summary'], + "tooltip": y['summary'], + "url": f"https://pbom.dev/techniques/&t_id={y['id']}", + "description": y['description'], + # "subTechniques": [] if y['subTechniques']==[None] else y['subTechniques'], + # "subTechniquesAmount": len([] if y['subTechniques']==[None] else y['subTechniques']), + "version": "1.0", + "created": "1970-01-01T00:00:00", + "updated": "1970-01-01T00:00:00", + "contributors": ["OscarTheGrouch"] + } j[y['tactic']]['items'].append(item) j[y['tactic']]['amount'] += 1 - # sort matrix by tacticid - j = dict(sorted(j.items(), key=lambda item: item[1]['tacticid'])) - + # sort matrix by tacticId + j = dict(sorted(j.items(), key=lambda item: item[1]['tacticId'])) + # sort items by id for tactic in j: j[tactic]['items'] = sorted(j[tactic]['items'], key=lambda k: k['id']) 
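Review bot: Renaming the emitted key from `tacticid` to `tacticId` changes the schema of the published matrix.json, and nothing in this commit shows the consumer side being updated, so any site code that still reads `tacticid` will no longer find it. In the same hunk, `y.setdefault('subTechniques', [])` now feeds only the two commented-out dict entries, so it can either be dropped or the fields re-enabled. The URL template `https://pbom.dev/techniques/&t_id={y['id']}` also starts its parameter with `&` rather than `?`, which looks unintended unless the site router expects it. generate_matrix starts before and continues after this hunk.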
@@ -273,12 +279,12 @@ def generate_matrix(oscar_source_path, pbom_data_path): logger.info("Saving matrix.json to %s", os.path.join(pbom_data_path, 'matrix.json')) f.write(json.dumps(j, indent=4)) -if __name__ == '__main__': +if __name__ == '__main__': args = parse_args() pbom_data_path = args.dest oscar_source_path = args.source logger.info("Creating PBOM release") create_release(oscar_source_path, pbom_data_path) - #generate_attack_story(oscar_source_path, pbom_data_path) + # generate_attack_story(oscar_source_path, pbom_data_path) logger.info("Done") diff --git a/helpers/tech_to_json.py b/helpers/tech_to_json.py index 5e9c718..71152e2 100644 --- a/helpers/tech_to_json.py +++ b/helpers/tech_to_json.py 
@@ -1,44 +1,45 @@ -import sys -import logging import glob -import yaml import json +import logging +import sys +import yaml ### setup logging to stdout logging.basicConfig(level=logging.INFO) logger = logging.getLogger(__name__) -def main(path): +def main(path): j = {} - # read all yamls from path + # read all yaml files from path for filename in glob.glob(path + '/*.yaml'): logger.info('Reading file: %s', filename) with open(filename, 'r') as f: # read yaml file y = yaml.load(f, Loader=yaml.SafeLoader) # convert to json - #print(y) + # print(y) if y['tactic'] not in j: j[y['tactic']] = {"items": [], "amount": 0, - "tootlip": y['tactic']} + "tooltip": y['tactic']} + + # default subTechniques - # default subtechniques - - y.setdefault('subtechinques', []) + y.setdefault('subTechniques', []) item = {"tags": y['realm'], - "name": y['summary'], - "tooltip": y['summary'], - "url": "https://pbom.dev/", - "subTechniques": [] if y['subtechinques']==[None] else y['subtechinques'], - "subTechniuqesAmount": len([] if y['subtechinques']==[None] else y['subtechinques'])} + "name": y['summary'], + "tooltip": y['summary'], + "url": "https://pbom.dev/", + "subTechniques": [] if y['subTechniques'] == [None] else y['subTechniques'], + "subTechniquesAmount": len([] if y['subTechniques'] == [None] else y['subTechniques'])} j[y['tactic']]['items'].append(item) - + with open('matrix.json', 'w') as f: f.write(json.dumps(j, indent=4)) - -if __name__=='__main__': + + +if __name__ == '__main__': main(sys.argv[1]) diff --git a/matrix.json b/matrix.json index f31bc87..893c5ca 100644 --- a/matrix.json +++ b/matrix.json @@ -10,7 +10,7 @@ "tooltip": "Combosquatting", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -20,7 +20,7 @@ "tooltip": "Malicious IDE extension", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ 
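Review bot: In main(), the guard `y['subTechniques'] == [None]` covers a list holding one empty item but not a bare `subTechniques:` key, which YAML loads as `None`; `setdefault` leaves that `None` in place and the `len(...)` call then raises TypeError. Normalising once with `subs = [s for s in (y.get('subTechniques') or []) if s is not None]` and using `subs` and `len(subs)` for the two fields handles both cases and avoids evaluating the conditional twice. Files that still carry the old `subtechinques` spelling are now skipped without any message, so a one-line warning when that key is present would catch unmigrated content.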
@@ -32,7 +32,7 @@ "tooltip": "External user accounts", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -44,7 +44,7 @@ "tooltip": "Services(Servers) compromise", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -54,7 +54,7 @@ "tooltip": "Vulnerable CICD system", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -65,7 +65,7 @@ "tooltip": "Exposed storage", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -75,7 +75,7 @@ "tooltip": "Malicious module injection", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -85,7 +85,7 @@ "tooltip": "Exposed WebHook", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -99,7 +99,7 @@ "tooltip": "Compromised token", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -109,7 +109,7 @@ "tooltip": "Vulnerable CICD plugins", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -120,7 +120,7 @@ "tooltip": "Vulnerable CICD template", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -131,7 +131,7 @@ "tooltip": "Exposed internal API", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -144,7 +144,7 @@ "tooltip": "Vulnerability in third-party dependency", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ 
@@ -155,7 +155,7 @@ "tooltip": "Compromised developer workstation", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -166,7 +166,7 @@ "tooltip": "Exposed database", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -179,7 +179,7 @@ "tooltip": "Compromised service account", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -191,7 +191,7 @@ "tooltip": "Dependency confusion", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -202,7 +202,7 @@ "tooltip": "Permissive network access", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -213,7 +213,7 @@ "tooltip": "Repojacking", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -226,7 +226,7 @@ "tooltip": "Compromised user account", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -237,7 +237,7 @@ "tooltip": "Typosquatting", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -249,7 +249,7 @@ "tooltip": "Weak authentication methods", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -260,7 +260,7 @@ "tooltip": "Brandjacking", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 }, { "tags": [ @@ -276,11 +276,11 @@ "tooltip": "Shadow IT", "url": "https://pbom.dev/", "subTechniques": [], - "subTechniuqesAmount": 0 + "subTechniquesAmount": 0 } ], "amount": 0, - "tootlip": "Initial Access" + "tooltip": "Initial Access" }, "Collection": { "items": [ 
@@ -293,7 +293,7 @@
 "tooltip": "Unencrypted data at transit",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -304,11 +304,11 @@
 "tooltip": "Unencrypted data at rest",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 }
 ],
 "amount": 0,
- "tootlip": "Collection"
+ "tooltip": "Collection"
 },
 "Resource Development": {
 "items": [
@@ -321,7 +321,7 @@
 "tooltip": "Malicious code contribution to an open-source repository",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -332,7 +332,7 @@
 "tooltip": "Accounts in public registry",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -343,7 +343,7 @@
 "tooltip": "Publish malicious artifact",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -353,7 +353,7 @@
 "tooltip": "Forge developer reputation",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -364,7 +364,7 @@
 "tooltip": "Compromised legitimate artifact",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -375,11 +375,11 @@
 "tooltip": "Advertise malicious artifact",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 }
 ],
 "amount": 0,
- "tootlip": "Resource Development"
+ "tooltip": "Resource Development"
 },
 "Lateral Movement": {
 "items": [
@@ -392,7 +392,7 @@
 "tooltip": "Push implants across repositories",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -405,11 +405,11 @@
 "tooltip": "Overprivileged user account",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 }
 ],
 "amount": 0,
- "tootlip": "Lateral Movement"
+ "tooltip": "Lateral Movement"
 },
 "Execution": {
 "items": [
@@ -421,7 +421,7 @@
 "tooltip": "Installation scripts",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -433,7 +433,7 @@
 "tooltip": "Runtime logic bomb",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -443,7 +443,7 @@
 "tooltip": "IDE",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -455,7 +455,7 @@
 "tooltip": "Runtime Backdoor",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -465,7 +465,7 @@
 "tooltip": "Package Manager",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -475,7 +475,7 @@
 "tooltip": "Command injection",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -485,7 +485,7 @@
 "tooltip": "SQL injection",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -495,7 +495,7 @@
 "tooltip": "Cross-site scripting",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -506,7 +506,7 @@
 "tooltip": "Malicious artifact execution",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -516,7 +516,7 @@
 "tooltip": "Cloud workload",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -526,7 +526,7 @@
 "tooltip": "Auto merge rules in SCM",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -537,11 +537,11 @@
 "tooltip": "Trigger pipeline execution",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 }
 ],
 "amount": 0,
- "tootlip": "Execution"
+ "tooltip": "Execution"
 },
 "Exfiltration": {
 "items": [
@@ -553,7 +553,7 @@
 "tooltip": "Bypass of outbound traffic control",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -563,7 +563,7 @@
 "tooltip": "Source code",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -573,11 +573,11 @@
 "tooltip": "Webhook",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 }
 ],
 "amount": 0,
- "tootlip": "Exfiltration"
+ "tooltip": "Exfiltration"
 },
 "Credential Access": {
 "items": [
@@ -591,7 +591,7 @@
 "tooltip": "Passwords in application logs",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -602,7 +602,7 @@
 "tooltip": "Dumping credentials from files",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -613,7 +613,7 @@
 "tooltip": "Harvest secrets from logs",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -624,7 +624,7 @@
 "tooltip": "Dumping short-lived token",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -638,7 +638,7 @@
 "tooltip": "Dump tokens from the environment variable",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -649,7 +649,7 @@
 "tooltip": "Passwords in CICD logs",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -661,7 +661,7 @@
 "tooltip": "Runtime leakage of password",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -671,11 +671,11 @@
 "tooltip": "Steal credentials in container artifacts",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 }
 ],
 "amount": 0,
- "tootlip": "Credential Access"
+ "tooltip": "Credential Access"
 },
 "Impact": {
 "items": [
@@ -687,7 +687,7 @@
 "tooltip": "Delete repositories for DoS",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -699,7 +699,7 @@
 "tooltip": "Resource hijacking",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -709,11 +709,11 @@
 "tooltip": "Misconfiguration of serverless workloads",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 }
 ],
 "amount": 0,
- "tootlip": "Impact"
+ "tooltip": "Impact"
 },
 "Reconnaissance": {
 "items": [
@@ -727,7 +727,7 @@
 "tooltip": "Discover naming conventions",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -737,7 +737,7 @@
 "tooltip": "Scan public CICD configurations for secrets and vulnerable actions",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -749,7 +749,7 @@
 "tooltip": "Discover technology stacks",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -759,7 +759,7 @@
 "tooltip": "Active scanning",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -771,7 +771,7 @@
 "tooltip": "Discover used open-source dependencies",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -783,7 +783,7 @@
 "tooltip": "Scan public artifacts for secrets",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -794,7 +794,7 @@
 "tooltip": "Discover internal artifacts names",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -805,7 +805,7 @@
 "tooltip": "Discover coding flaws",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -815,7 +815,7 @@
 "tooltip": "Accidental public disclosure of internal resources",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -826,11 +826,11 @@
 "tooltip": "Scan configuration on public resources",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 }
 ],
 "amount": 0,
- "tootlip": "Reconnaissance"
+ "tooltip": "Reconnaissance"
 },
 "Defense Evasion": {
 "items": [
@@ -843,7 +843,7 @@
 "tooltip": "Bypass Review using admin permission",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -853,7 +853,7 @@
 "tooltip": "SaaS sprawl",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -865,7 +865,7 @@
 "tooltip": "Misconfigured audit logs settings",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -875,7 +875,7 @@
 "tooltip": "Misconfiguration of security measures",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -886,7 +886,7 @@
 "tooltip": "Malicious CompilerInterpreter",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -896,11 +896,11 @@
 "tooltip": "Misconfigured traffic log settings",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 }
 ],
 "amount": 0,
- "tootlip": "Defense Evasion"
+ "tooltip": "Defense Evasion"
 },
 "Persistence": {
 "items": [
@@ -912,7 +912,7 @@
 "tooltip": "Recursive PR",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -922,7 +922,7 @@
 "tooltip": "Deploy keys",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -934,7 +934,7 @@
 "tooltip": "Backdoor in code",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -945,7 +945,7 @@
 "tooltip": "Add user",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -955,7 +955,7 @@
 "tooltip": "Untagged resources",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -965,7 +965,7 @@
 "tooltip": "Scheduled TaskJob on self hosted runner",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -975,7 +975,7 @@
 "tooltip": "Implant in zombie instance",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -988,11 +988,11 @@
 "tooltip": "Create access token",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 }
 ],
 "amount": 0,
- "tootlip": "Persistence"
+ "tooltip": "Persistence"
 },
 "Privilege Escalation": {
 "items": [
@@ -1005,7 +1005,7 @@
 "tooltip": "Inject malicious dependency to privileged user repository",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 },
 {
 "tags": [
@@ -1016,10 +1016,10 @@
 "tooltip": "Runnersagents running with high user privileges",
 "url": "https://pbom.dev/",
 "subTechniques": [],
- "subTechniuqesAmount": 0
+ "subTechniquesAmount": 0
 }
 ],
 "amount": 0,
- "tootlip": "Privilege Escalation"
+ "tooltip": "Privilege Escalation"
 }
 }
\ No newline at end of file