| # att&ck: | ||
| # - Mobile::SMS Control [T1582] |
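Review bot: the `att&ck:` key and its `Mobile::SMS Control [T1582]` entry are both commented out with `#`, so the rule as written carries no ATT&CK mapping, and nothing on these lines says why. Add a one-line comment beside them stating the reason the entry is disabled and the condition for enabling it, so it is not mistaken for leftover text later.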
we currently only lint for Enterprise techniques, not https://attack.mitre.org/techniques/mobile/
seems reasonable to add, assuming it's low effort and maintenance. we could also wait until someone wants to use this and/or we have more substantial coverage.
| - os: android | ||
| # ... = (*env)->FindClass(env, "android/telephony/SmsManager"); | ||
| - string: "android/telephony/SmsManager" | ||
| - optional: |
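Review bot: on the `- string: "android/telephony/SmsManager"` line, the class path is the only matching criterion visible here besides `- os: android`. It shows that the library looks the class up, as in the `FindClass` comment above it, but not which method is called afterwards. State in the rule whether a match is meant to mean "references SmsManager" or "sends SMS". If it is the latter, require a method-name string rather than listing it under `- optional:`.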
eventually we'll probably want to factor this out, but let's wait until it's used in a few places first.
yeah, probably a good idea to write a few dozen rules and talk to potential users first
First rule for Android (native code called via JNI), here from a private 64-bit .so file. Very similar code is also referenced in https://stackoverflow.com/questions/30175062/jni-callvoidmethod-leads-to-fatal-signal-6-and-invalid-indirect-reference.
Question: do we want to mix mobile with desktop for namespaces and ATT&CK?