chainguard-dev malcontent issues

chainguard-dev / malcontent

detect malicious program behaviors

Apache License 2.0

407 stars 26 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Add support for rule overrides; ignore "false_positive" and "ignore" tags by default

#473 egibs opened 51 minutes ago
0
Bump actions/checkout from 4.1.7 to 4.2.0 in the all group

#472 dependabot[bot] opened 15 hours ago
0
Provide override rules that lower the priority of matches

#471 tstromberg opened 4 days ago
2
[WIP] Rewrite commit history to remove large samples

#470 egibs opened 5 days ago
0
Add --processes flag to scan active process commands

#469 egibs closed 5 days ago
0
Add --processes flag to scan active process commands

#468 egibs closed 5 days ago
1
Update malcontent to v1.0.1

#467 octo-sts[bot] closed 1 week ago
0
Explicitly check for "mal" binary name when ignoring self

#466 egibs closed 1 week ago
0
Update malcontent to v1.0.0

#465 octo-sts[bot] closed 1 week ago
0
bincapz is now malcontent

#464 egibs closed 1 week ago
0
refresh testdata: include scan_archive testdata

#463 tstromberg closed 1 week ago
0
Check if frs Map is nil before ranging over it

#462 egibs closed 2 weeks ago
0
Don't return after encountering a report with lower than minimum risk

#461 egibs closed 2 weeks ago
0
VirusTotal YARA-CI - false negatives found

#460 tstromberg opened 2 weeks ago
0
Bump step-security/harden-runner from 2.9.1 to 2.10.1 in the all group

#459 dependabot[bot] closed 2 weeks ago
0
action.errIfHitOrMiss: panic: runtime error: invalid memory address or nil pointer dereference

#458 tstromberg closed 2 weeks ago
1
Add shorter output format for 'scan' mode

#457 tstromberg closed 2 weeks ago
0
Improve JS/Python malware detection based on NPM/PyPI samples

#456 tstromberg closed 1 week ago
2
hadooken: Improve shell, python, and powershell dropper detection

#455 tstromberg closed 2 weeks ago
2
Add "filetypes" metadata to rules

#454 tstromberg opened 2 weeks ago
3
Add MITRE ATT&CK metadata to rules

#453 tstromberg opened 2 weeks ago
0
Add MBC (Malware Behavior Catalog) metadata to rules

#452 tstromberg opened 2 weeks ago
0
Measure if "threat_hunting" ruleset is worth the CPU cost

#451 tstromberg opened 2 weeks ago
0
refresh-sample-testdata refactor

#450 tstromberg closed 2 weeks ago
1
analyze subcommand misses files (recursion bug? parallelism bug?)

#449 tstromberg closed 2 weeks ago
5
Cache bincapz-samples repository to speed up subsequent tests

#448 egibs closed 2 weeks ago
1
Support bincapz configuration via environment variable or file

#447 egibs opened 2 weeks ago
0
Update third party rules, tighten base64_php_functions rule

#446 tstromberg closed 2 weeks ago
0
Cache bincapz-samples checkout

#445 tstromberg closed 2 weeks ago
0
Integrate JPCERT & TTC-CERT third party YARA rules

#444 tstromberg closed 2 weeks ago
0
Improve detection of droppers, stealers & obfuscated scripts

#443 tstromberg closed 2 weeks ago
0
Integrate JP-CERT YARA rules

#442 tstromberg closed 2 weeks ago
1
Bump golang.org/x/term from 0.23.0 to 0.24.0

#441 dependabot[bot] closed 3 weeks ago
0
Refactor bincapz around scan/analyze/diff subcommands

#440 tstromberg closed 2 weeks ago
3
programkind: Add .bat, .cpp, .dll, pyc

#439 tstromberg closed 3 weeks ago
0
Replace live OCI image pull with crane export

#438 egibs closed 2 weeks ago
2
Update third party rules

#437 tstromberg closed 3 weeks ago
0
Overhaul CLI functionality with urfave/cli

#436 egibs closed 2 weeks ago
0
Add nil checks when iterating over sync.Maps

#435 egibs closed 3 weeks ago
0
Infrequent nil pointer dereferences

#434 egibs closed 3 weeks ago
1
Add .xz archive support

#433 egibs closed 1 month ago
0
Update bincapz to v0.19.0

#432 octo-sts[bot] closed 1 month ago
0
Use new samples repo for tests; keep data separate and update path references

#431 egibs closed 1 month ago
2
Replace combined channel with slice

#430 egibs closed 1 month ago
0
Improve diff performance

#429 egibs closed 1 month ago
0
Replace OCI test image with crane extraction

#428 egibs closed 2 weeks ago
0
Improve detection of Python attacks similar to 'yocolor'

#427 tstromberg closed 1 month ago
2
Investigate diff performance

#426 egibs closed 1 month ago
2
Update bincapz to v0.18.2

#425 octo-sts[bot] closed 1 month ago
0
Make all map operations concurrency-safe; fix nested archive extraction

#424 egibs closed 1 month ago
2