YARA, Suricata, Sigma and host-hunt rules pulled from the reports. Click a rule to see the full text and every post that uses it, or pull the set as JSON via the feed. We don't serve loadable rule files by design — copy and review before you deploy.
| Type | Rule | Posts | Last seen |
|---|---|---|---|
| host | daemon.json.disabled-by-dockerpwn fallback artifact | 1 | 2026-06-16 |
| host | docker logs audit for PWN COMPLETE / dockerpwn | 1 | 2026-06-16 |
| host | dockerpwn managed ssh marker in sshd_config | 1 | 2026-06-16 |
| host | Docker systemd override audit | 1 | 2026-06-16 |
| host | ed25519 marker key in authorized_keys | 1 | 2026-06-16 |
| host | LD_PRELOAD rootkit hook in the agent systemd unit | 1 | 2026-06-16 |
| host | /tmp/pwn.sh content signature | 1 | 2026-06-16 |
| host | VoidLink on-disk footprint | 1 | 2026-06-16 |
