chainguard-dev/bincapz
detect malicious program behaviors
Apache License 2.0; 387 stars, 24 forks
issues
Issue  Author            State   Updated       Comments  Title
#177   tstromberg        closed  2 months ago  2         Mask Chrome extension IDs in threat-hunting keyword list
#176   tstromberg        closed  2 months ago  2         XProtect flags bincapz as malware
#175   tstromberg        closed  2 months ago  0         Rule improvements based on temporal analysis
#174   egibs             closed  2 months ago  3         Add support for archives within directories
#173   tstromberg        opened  2 months ago  5         v1.0.0 release blockers
#172   dependabot[bot]   closed  2 months ago  0         Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0
#171   dependabot[bot]   closed  2 months ago  0         Bump actions/checkout from 4.1.3 to 4.1.4 in the all group
#170   cpanato           closed  2 months ago  3         Upgrade to go1.22 and add goreleaser job checker
#169   tstromberg        closed  2 months ago  0         Improve rules based on LightSpy + add Huntress to third_party
#168   egibs             closed  2 months ago  0         Add rules to ignore F-strings and comments
#167   egibs             closed  2 months ago  0         Ignore bincapz findings by default
#166   tstromberg        closed  2 months ago  0         Add rule to detect references to Github comment attachments
#165   tstromberg        closed  2 months ago  0         Import rule URLs, add them to markdown & JSON output
#164   tstromberg        closed  2 months ago  0         Improve detection for Python setuptools backdoors
#163   tstromberg        closed  2 months ago  0         powershell: detect verbose hidden incantation
#162   egibs             closed  2 months ago  1         Fix GoReleaser
#161   tstromberg        closed  2 months ago  2         goreleaser failed: line 6: cannot unmarshal !!map into []config.Build
#160   egibs             closed  2 months ago  4         Add ThreatHunting-Keywords-yara-rules
#159   tstromberg        closed  3 months ago  0         markdown diff: split add/remove tables
#158   tstromberg        closed  3 months ago  0         terminal: dynamically scale output (again)
#157   tstromberg        closed  3 months ago  0         rules: Add more reference URLs
#156   tstromberg        closed  3 months ago  0         markdown: Add evidence column, hide metadata rows
#155   dependabot[bot]   closed  3 months ago  0         Bump actions/checkout from 4.1.1 to 4.1.3 in the all group
#154   tstromberg        closed  3 months ago  1         markdown: Include evidence column and URL links
#153   egibs             closed  3 months ago  0         Add count + total statistics
#152   tstromberg        closed  2 months ago  0         actions: reduce unnecessary lint noise for non-code files
#151   tstromberg        closed  3 months ago  0         Update to YARAForge 2024-04-14
#150   tstromberg        closed  3 months ago  0         Tune packer rules to avoid false-positives
#149   tstromberg        closed  3 months ago  0         Disable godmode, import rules based on it
#148   egibs             closed  3 months ago  6         Add /dev/ rule
#147   tstromberg        closed  3 months ago  0         add generic /dev path detection
#146   tstromberg        closed  3 months ago  0         Massive rule tuning to improve Linux detection and output
#145   tstromberg        closed  3 months ago  0         Mention pkg-config dependency and container image
#144   egibs             closed  3 months ago  3         Add support for archives
#143   tstromberg        closed  3 months ago  0         terminal improvements: add evidence column back, make diff more obvious
#142   tstromberg        closed  3 months ago  0         Improve Markdown diff readability
#141   tstromberg        closed  3 months ago  0         high false positive: combo/backdoor/browser_extension with Chromium
#140   tstromberg        closed  3 months ago  0         high false positive: combo/worm/ssh with argocd
#139   tstromberg        closed  3 months ago  0         high false positive: combo/backdoor/iptables with buildkitd, calico, cilium
#138   tstromberg        closed  3 months ago  0         possible false positive: combo/backdoor/net_exec with argocd, az, bluez, bun, cilium
#137   tstromberg        closed  3 months ago  0         high false positive: combo/wiper/crypto with argo-cd and bun
#136   tstromberg        closed  3 months ago  0         high false positive: combo/router/critical_paths with cilium and aerospike
#135   tstromberg        closed  3 months ago  0         high false positive: combo/backdoor/net_term with argo, chezmoi, clickhouse
#134   tstromberg        closed  2 months ago  0         ignore bincapz findings by default
#133   tstromberg        closed  3 months ago  0         critical false positive: combo/backdoor/php in chezmoi
#132   tstromberg        closed  3 months ago  0         possible false positive: combo/router/malware in apko
#131   tstromberg        closed  3 months ago  0         evasion/fake/process/name should be HIGH not CRITICAL
#130   tstromberg        closed  3 months ago  0         critical false positive: 3P/godmoderules/iddqd/god/mode with ASP.net
#129   tstromberg        closed  3 months ago  0         critical false positive: combo/backdoor/py_setuptools with az and checkov
#128   tstromberg        closed  3 months ago  0         critical false positive: evasion/process/injection with buck, cadvisor, calico, chromium, cilium, clickhouse