DECNET/decnet at e9324acac737cfcd4f7df266da98db9fd2676f58 - DECNET - RESACA Chile: Donde la ciberseguridad se chupa una chela.

anti/DECNET

Files

History

anti e9324acac7 feat(smtp): emit X-Mailer / Return-Path / dkim+spf / URLs on message_stored

The EmailLifter (R0041–R0048) keys on header-derived signals that the
v0 _summarize_message did not extract. Add cheap Layer 2 projections
inside the existing single-pass parse:

* return_path / x_mailer — direct header reads, decoded RFC 2047
* dkim_signed / spf_pass — booleans derived from any
  Authentication-Results header (multiple lines tolerated; positive
  verdict on any line wins)
* urls — http(s) URLs lifted from text/* body parts via a tight
  regex, deduplicated first-seen-wins, capped at 64 in the wire
  payload to bound the syslog SD value

Heavyweight extraction (body simhash, office-macro detection,
HTML-smuggling, password-protected archives, mal-hash-match,
body_text projection) stays deferred per the EmailLifter heavyweight
DEBT entry — those rules need privacy / extractor decisions before
they ship.

2026-05-02 18:37:11 -04:00

..

fix(types): T7 — eliminate all remaining 38 mypy errors; fix DeckyRow subscript in engine tests

2026-05-01 02:07:53 -04:00

fix(types): P1 — annotate ranges: list[Range] in geoip/rir and asn/iptoasn providers

2026-05-01 00:21:44 -04:00

feat(ttp): E.3.5 FilesystemRuleStore — inotify hot-reload + per-rule events

2026-05-01 08:31:05 -04:00

fix(types): T7 — eliminate all remaining 38 mypy errors; fix DeckyRow subscript in engine tests

2026-05-01 02:07:53 -04:00

feat(ttp): E.4.a extract decnet/cli/ttp.py with worker run + backfill CLI

2026-05-02 01:35:17 -04:00

feat(ttp): E.3.15 UKC bridge — production phase-handoff edge fires

2026-05-01 21:01:58 -04:00

feat(ttp): split bash CMD evidence into structured uid/user/src/pwd/cmd rows

2026-05-02 03:20:53 -04:00

fix(collector): unwrap double-wrapped RFC5424 around bash PROMPT_COMMAND

2026-05-02 02:32:21 -04:00

feat(deckies): generic file drops on fleet + MazeNET deckies

2026-04-28 22:43:34 -04:00

fix(types): T7 — eliminate all remaining 38 mypy errors; fix DeckyRow subscript in engine tests

2026-05-01 02:07:53 -04:00

fix(types): T3 — narrow str|None at 12 sites; fix LANRow/DeckyRow subscript in mutator tests

2026-05-01 02:18:53 -04:00

fix(types): P1 — annotate ranges: list[Range] in geoip/rir and asn/iptoasn providers

2026-05-01 00:21:44 -04:00

feat(intel): project per-provider taxonomy into attacker.intel.enriched payload

2026-05-02 18:08:29 -04:00

fix(types): P2 — wire _MixinBase + col() across sqlmodel_repo; suppress pydantic/SQLModel column typing false positives

2026-05-01 00:49:18 -04:00

fix(types): T7 — eliminate all remaining 38 mypy errors; fix DeckyRow subscript in engine tests

2026-05-01 02:07:53 -04:00

feat(net): stealth-egress httpx client factory

2026-04-26 04:59:34 -04:00

fix(types): T7 — eliminate all remaining 38 mypy errors; fix DeckyRow subscript in engine tests

2026-05-01 02:07:53 -04:00

fix(types): T6 — suppress scapy attr-defined on lazy imports in tcpfp.py

2026-05-01 02:19:00 -04:00

feat(prober-cert): roll up fingerprints onto AttackerIdentity

2026-04-28 11:28:54 -04:00

fix(types): T3 — narrow str|None at 12 sites; fix LANRow/DeckyRow subscript in mutator tests

2026-05-01 01:47:04 -04:00

fix(types): P1 — type: ignore[abstract] for plugin-discovery cls() call in registry

2026-05-01 00:21:09 -04:00

feat(sniffer): ISN sequence classifier (reuses seq_class helper)

2026-04-26 20:30:24 -04:00

fix(types): T7 — eliminate all remaining 38 mypy errors; fix DeckyRow subscript in engine tests

2026-05-01 02:07:53 -04:00

fix(types): T7 — eliminate all remaining 38 mypy errors; fix DeckyRow subscript in engine tests

2026-05-01 02:07:53 -04:00

feat(smtp): emit X-Mailer / Return-Path / dkim+spf / URLs on message_stored

2026-05-02 18:37:11 -04:00

fix(types): T7 — eliminate all remaining 38 mypy errors; fix DeckyRow subscript in engine tests

2026-05-01 02:07:53 -04:00

fix(ttp): correct intel_lifter mappings + repoint ThreatFox to threat_type

2026-05-02 18:08:48 -04:00

sec(updater): harden tarball extraction and verify sha256 before extract

2026-04-27 21:14:48 -04:00

fix(types): T1 — remove 15 stale type: ignore comments confirmed unused by mypy

2026-05-01 02:18:40 -04:00

feat(intel): persist per-provider taxonomy on AttackerIntel for TTP dispatch

2026-05-02 18:07:57 -04:00

fix(types): T5 — narrow AsyncClient|None with inline if; rename loop variable t→task to avoid no-redef

2026-05-01 02:18:57 -04:00

__init__.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

archetypes.py

refactor(ssh): consolidate real_ssh into ssh, remove duplication

2026-04-11 19:51:41 -04:00

composer.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

config_ini.py

feat(config): add swarmctl-host to INI, env, CLI; drop hardcoded bind from systemd unit

2026-04-30 22:16:00 -04:00

config.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

custom_service.py

Add per-service customization, stealth hardening, and BYOS support

2026-04-04 04:08:27 -03:00

distros.py

fix: stabilize tests with synchronous DB init and handle Bandit security findings

2026-04-09 01:33:15 -04:00

env.py

fix(types): T3 — narrow str|None at 12 sites; fix LANRow/DeckyRow subscript in mutator tests

2026-05-01 02:18:53 -04:00

ini_loader.py

fix: align tests with model validation and API error reporting

2026-04-13 01:43:52 -04:00

models.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

network.py

Merge branch 'merge-rehearsal' into dev

2026-05-01 02:27:20 -04:00

os_fingerprint.py

feat(os_fingerprint): Phase 2 — add icmp_ratelimit + icmp_ratemask sysctls

2026-04-10 16:41:23 -04:00

privdrop.py

merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00

telemetry.py

fix(types): P2 — wire _MixinBase + col() across sqlmodel_repo; suppress pydantic/SQLModel column typing false positives

2026-05-01 00:49:18 -04:00