docs(dev): post-v1 roadmap + check off shipped "Commands executed" item

- DEVELOPMENT_V2.md (new): post-v1 direction. Everything here is after
  the v1 box is closed — federation, advanced behavioral profiling,
  maze-scale topology work.
- DEVELOPMENT.md: flip "Commands executed" checkbox — full per-session
  command log already landed in the profiler's
  _extract_commands_from_events path.
2026-04-23 21:52:15 -04:00
parent 6cbf8de6a8
commit a6356abe27
2 changed files with 546 additions and 1 deletions


@@ -125,7 +125,7 @@
- [ ] **Latency triangulation** — JA4L RTT estimates for rough geolocation
### Service-Level Behavioral Profiling
- [ ] **Commands executed** — Full command log per session (SSH, Telnet, FTP, Redis, DB services)
- [x] **Commands executed** — Full command log per session (SSH, Telnet, FTP, Redis, DB services)
- [ ] **Services actively interacted with** — Distinguish port scans from live exploitation attempts
- [ ] **Tooling attribution** — Byte-sequence signatures from known C2 frameworks in handshakes
- [ ] **Credential reuse patterns** — Same username/password tried across multiple deckies/services
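
Review bot: the checked "Commands executed" item still claims a full command log for SSH, Telnet, FTP, Redis and DB services, but the commit message cites only the profiler's _extract_commands_from_events path as evidence. If that path does not yet cover every listed service, split the item and leave the uncovered services unchecked. Otherwise, reference the commit or test that landed the log next to the checked line so the roadmap entry can be audited.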