update: Potential Netcat Reverse Shell Execution - add nc.openbsd and nc.traditional binary matches

rules/linux/process_creation/proc_creation_lnx_install_root_certificate.yml

@@ -6,7 +6,7 @@ references:
     - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1553.004/T1553.004.md
 author: Ömer Günal, oscd.community
 date: 2020-10-05
-modified: 2022-07-07
+modified: 2026-05-04
 tags:
     - attack.defense-impairment
     - attack.t1553.004
@@ -15,9 +15,9 @@ logsource:
     category: process_creation
 detection:
     selection:
-        Image|endswith:
-            - '/update-ca-certificates'
-            - '/update-ca-trust'
+        CommandLine|contains:
+            - 'update-ca-certificates'
+            - 'update-ca-trust'
     condition: selection
 falsepositives:
     - Legitimate administration activities

rules/linux/process_creation/proc_creation_lnx_netcat_reverse_shell.yml

@@ -8,8 +8,9 @@ references:
     - https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/
     - https://www.infosecademy.com/netcat-reverse-shells/
     - https://man7.org/linux/man-pages/man1/ncat.1.html
-author: '@d4ns4n_, Nasreddine Bencherchali (Nextron Systems)'
+author: '@d4ns4n_, Nasreddine Bencherchali (Nextron Systems), Eissa Bageri'
 date: 2023-04-07
+modified: 2026-05-14
 tags:
     - attack.execution
     - attack.t1059
@@ -20,6 +21,8 @@ detection:
     selection_nc:
         Image|endswith:
             - '/nc'
+            - '/nc.openbsd'
+            - '/nc.traditional'
             - '/ncat'
     selection_flags:
         CommandLine|contains: