chainguard-dev/malcontent
detect malicious program behaviors
Apache License 2.0
407 stars, 26 forks
issues
#473 | Add support for rule overrides; ignore "false_positive" and "ignore" tags by default | egibs | opened | 51 minutes ago | 0
#472 | Bump actions/checkout from 4.1.7 to 4.2.0 in the all group | dependabot[bot] | opened | 15 hours ago | 0
#471 | Provide override rules that lower the priority of matches | tstromberg | opened | 4 days ago | 2
#470 | [WIP] Rewrite commit history to remove large samples | egibs | opened | 5 days ago | 0
#469 | Add --processes flag to scan active process commands | egibs | closed | 5 days ago | 0
#468 | Add --processes flag to scan active process commands | egibs | closed | 5 days ago | 1
#467 | Update malcontent to v1.0.1 | octo-sts[bot] | closed | 1 week ago | 0
#466 | Explicitly check for "mal" binary name when ignoring self | egibs | closed | 1 week ago | 0
#465 | Update malcontent to v1.0.0 | octo-sts[bot] | closed | 1 week ago | 0
#464 | bincapz is now malcontent | egibs | closed | 1 week ago | 0
#463 | refresh testdata: include scan_archive testdata | tstromberg | closed | 1 week ago | 0
#462 | Check if frs Map is nil before ranging over it | egibs | closed | 2 weeks ago | 0
#461 | Don't return after encountering a report with lower than minimum risk | egibs | closed | 2 weeks ago | 0
#460 | VirusTotal YARA-CI - false negatives found | tstromberg | opened | 2 weeks ago | 0
#459 | Bump step-security/harden-runner from 2.9.1 to 2.10.1 in the all group | dependabot[bot] | closed | 2 weeks ago | 0
#458 | action.errIfHitOrMiss: panic: runtime error: invalid memory address or nil pointer dereference | tstromberg | closed | 2 weeks ago | 1
#457 | Add shorter output format for 'scan' mode | tstromberg | closed | 2 weeks ago | 0
#456 | Improve JS/Python malware detection based on NPM/PyPI samples | tstromberg | closed | 1 week ago | 2
#455 | hadooken: Improve shell, python, and powershell dropper detection | tstromberg | closed | 2 weeks ago | 2
#454 | Add "filetypes" metadata to rules | tstromberg | opened | 2 weeks ago | 3
#453 | Add MITRE ATT&CK metadata to rules | tstromberg | opened | 2 weeks ago | 0
#452 | Add MBC (Malware Behavior Catalog) metadata to rules | tstromberg | opened | 2 weeks ago | 0
#451 | Measure if "threat_hunting" ruleset is worth the CPU cost | tstromberg | opened | 2 weeks ago | 0
#450 | refresh-sample-testdata refactor | tstromberg | closed | 2 weeks ago | 1
#449 | analyze subcommand misses files (recursion bug? parallelism bug?) | tstromberg | closed | 2 weeks ago | 5
#448 | Cache bincapz-samples repository to speed up subsequent tests | egibs | closed | 2 weeks ago | 1
#447 | Support bincapz configuration via environment variable or file | egibs | opened | 2 weeks ago | 0
#446 | Update third party rules, tighten base64_php_functions rule | tstromberg | closed | 2 weeks ago | 0
#445 | Cache bincapz-samples checkout | tstromberg | closed | 2 weeks ago | 0
#444 | Integrate JPCERT & TTC-CERT third party YARA rules | tstromberg | closed | 2 weeks ago | 0
#443 | Improve detection of droppers, stealers & obfuscated scripts | tstromberg | closed | 2 weeks ago | 0
#442 | Integrate JP-CERT YARA rules | tstromberg | closed | 2 weeks ago | 1
#441 | Bump golang.org/x/term from 0.23.0 to 0.24.0 | dependabot[bot] | closed | 3 weeks ago | 0
#440 | Refactor bincapz around scan/analyze/diff subcommands | tstromberg | closed | 2 weeks ago | 3
#439 | programkind: Add .bat, .cpp, .dll, pyc | tstromberg | closed | 3 weeks ago | 0
#438 | Replace live OCI image pull with crane export | egibs | closed | 2 weeks ago | 2
#437 | Update third party rules | tstromberg | closed | 3 weeks ago | 0
#436 | Overhaul CLI functionality with urfave/cli | egibs | closed | 2 weeks ago | 0
#435 | Add nil checks when iterating over sync.Maps | egibs | closed | 3 weeks ago | 0
#434 | Infrequent nil pointer dereferences | egibs | closed | 3 weeks ago | 1
#433 | Add .xz archive support | egibs | closed | 1 month ago | 0
#432 | Update bincapz to v0.19.0 | octo-sts[bot] | closed | 1 month ago | 0
#431 | Use new samples repo for tests; keep data separate and update path references | egibs | closed | 1 month ago | 2
#430 | Replace combined channel with slice | egibs | closed | 1 month ago | 0
#429 | Improve diff performance | egibs | closed | 1 month ago | 0
#428 | Replace OCI test image with crane extraction | egibs | closed | 2 weeks ago | 0
#427 | Improve detection of Python attacks similar to 'yocolor' | tstromberg | closed | 1 month ago | 2
#426 | Investigate diff performance | egibs | closed | 1 month ago | 2
#425 | Update bincapz to v0.18.2 | octo-sts[bot] | closed | 1 month ago | 0
#424 | Make all map operations concurrency-safe; fix nested archive extraction | egibs | closed | 1 month ago | 2