Skip to content

Detect obfuscated credential exfiltration patterns #1

Description

@0xRapi

Bounty: Detect obfuscated credential exfiltration patterns

Reward: 1,000 $ISNAD
Track: Detection
Difficulty: Hard

Description

Create detection patterns for obfuscated credential exfiltration in npm/PyPI packages. Malicious packages increasingly use encoding tricks (base64, hex, char codes, string reversal) to hide credential theft from static analysis.

Requirements

  • Detect base64-encoded exfiltration URLs
  • Detect hex/charcode-constructed API endpoints
  • Detect string reversal and concatenation obfuscation
  • Detect environment variable harvesting with obfuscated transmission
  • Minimum 10 test cases with real-world malware samples
  • False positive rate < 0.1% on top 1000 npm packages
  • Tests passing

How to Submit

Open a PR referencing this issue. See Bounty Program for full rules.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions