"Things are not always what they seem in this place, so you can't take anything for granted." - The Worm
This is an experimental project by the CERT/CC to find code that looks like it might be exploit code.
/results, organized by year, month, and day.
/data, and are organized by repository IDs and vulnerability IDs.
This project is creating an index with pointers to repositories of potential interest to vulnerability analysts and security researchers.
Because we are basically just doing keyword searches to find repositories and then using regexes to match ID patterns in the repositories we found, we can't make any specific claims about any particular finding.
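The sketch below is an added example, not Labyrinth's own code. It shows the regex-then-index step described above and why a match alone supports no claim about a finding. The CVE-style pattern, the function names, and the sample repositories are assumptions, since the page does not list the ID patterns it matches.

```python
import re
from collections import defaultdict

# CVE ID syntax: "CVE-", a 4-digit year, then 4 or more digits.
# Assumption: underscores are accepted too, since file names often use them.
CVE_RE = re.compile(
    r"(?<![A-Za-z0-9])CVE[-_](\d{4})[-_](\d{4,})(?!\d)", re.IGNORECASE
)

def find_ids(text):
    """Return normalized CVE IDs mentioned in text, sorted and de-duplicated."""
    return sorted({f"CVE-{year}-{num}" for year, num in CVE_RE.findall(text)})

def build_index(repos):
    """repos: {repo_id: {path: file_text}} -> (by_repo, by_vuln) indexes."""
    by_repo = defaultdict(set)
    by_vuln = defaultdict(set)
    for repo_id, files in repos.items():
        for path, text in files.items():
            # Match against the path as well as the contents.
            for vid in find_ids(path + "\n" + text):
                by_repo[repo_id].add(vid)
                by_vuln[vid].add(repo_id)
    return dict(by_repo), dict(by_vuln)

# Constructed sample data: placeholder repository IDs and placeholder CVE IDs.
SAMPLE = {
    101: {"poc/cve_2099_0001.py": "# proof of concept"},
    102: {"CHANGELOG.md": "Fixed CVE-2099-0001 and CVE-2099-12345 in 1.2.3"},
    103: {"rules/detect.yar": "// detects exploitation of cve-2099-0001"},
    104: {"README.md": "No identifiers here, build 2099-0001"},
}

if __name__ == "__main__":
    by_repo, by_vuln = build_index(SAMPLE)
    # Repos 101, 102 and 103 all index under the same ID, yet only one is a
    # proof of concept; the changelog and the detection rule are noise.
    for vid, repo_ids in sorted(by_vuln.items()):
        print(vid, sorted(repo_ids))
```
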
Labyrinth is known to find
We consider many of these to be noise in the data collected (except for the known exploit collections of course). However, this data is intended to serve as the front end of an analysis pipeline and not the finished product. So while we're interested in improving the signal-to-noise ratio, we don't really consider it to be a big problem that needs to be fixed (for now at least). Improvement suggestions are welcome nonetheless.
All of this is meant to say that:
But it might be worth a look.
Because a large collection of code repositories can look from the outside like "a maze of twisty little passages, all alike". And while not everything you come across is out to get you, sometimes there are monsters lurking in the shadows.