From c37524b916038841de301c7ab0f4f27490d887e2 Mon Sep 17 00:00:00 2001
From: Daniel Cortez
Date: Fri, 5 Apr 2024 17:10:29 -0700
Subject: [PATCH] Updated YAML file for nscurl, added a Tactic, two more Use Cases, and a Resource
---
 LOOBins/nscurl.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/LOOBins/nscurl.yml b/LOOBins/nscurl.yml
index a20562e..2337796 100644
--- a/LOOBins/nscurl.yml
+++ b/LOOBins/nscurl.yml
@@ -9,6 +9,19 @@ example_use_cases:
 code: nscurl -k https://google.com -o /private/tmp/google
 tactics:
 - Defense Evasion
+ - Command and Control
+ - name: Download file
+ description: Download file to the Downloads directory using -dl
+ code: nscurl https://google.com -dl
+ tactics:
+ - Defense Evasion
+ - Command and Control
+ - name: Download file
+ description: Download file to a designated directory using -dir
+ code: nscurl https://google.com -dir /private/tmp/google
+ tactics:
+ - Defense Evasion
+ - Command and Control
 paths:
 - /usr/bin/nscurl
 detections:
@@ -17,3 +30,5 @@ detections:
 resources:
 - name: "How to Diagnose App Transport Security Issues using nscurl and OpenSSL"
 url: https://www.agnosticdev.com/content/how-diagnose-app-transport-security-issues-using-nscurl-and-openssl
+ - name: "Living-off-the-Land: Exploring macOS LOOBins and Crafting Detection Rules - nscurl"
+ url: https://danielcortez.substack.com/p/living-off-the-land-exploring-macos
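Review bot: The two use cases added in the first hunk both carry `name: Download file`, so a rendered listing, or any tooling that keys on the name, cannot tell them apart; the name of the entry just before them starts outside the hunk and may collide as well. Distinct names would fix this, for example `name: Download file to the Downloads directory (-dl)` and `name: Download file to a designated directory (-dir)`. The `detections:` block is not touched by this commit and its rule is not visible in either hunk, so it is worth confirming that it matches `nscurl` invocations using `-dl` or `-dir` and not only the `-o` form, since the entry now documents three download variants. The page has lost the YAML indentation, so the nesting of the new `tactics:` items under each use case should be checked against the file itself.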