Thomas Strömberg

icon indicating a website link https://stromberg.org/t/ icon indicating an email [email protected]

icon company codeHAPPY llc icon location Durham, NC, US icon location OSS (Systems|Security|Software) Engineer

Results 82 issues of Thomas Strömberg

Relocate ansible to internal node

It's currently managed by the firewall, which doesn't make much sense.

anisble: ensure that sshd prohibits password-based logins

Add reverse DNS for 2001:470:803d:cafe hosts

Need to setup figure out if I can delegate to name.com, or we need to run my own NS for this.

flag rename: min-level → min-risk, min-file-level → min-file-risk

The generic terminology of "level" and "score" was not self-describing. This changes our flags to specifically mention "risk". TODO(tstromberg): Add alias to avoid unnecessary breakage. Fixes #231

Rename *-level flags with *-risk

1 comment

It isn't obvious what the level flag references. --min-level should be --min-risk, for example

Create DEVELOPMENT.md

It should answer: - [ ] How to build bincapz - [ ] How to run tests - [ ] How to modify an existing rule - [ ] How...

documentation

Remove CRITICAL false positives for popular open-source projects

We're using Wolfi as a benchmark open-source repo. There are a dozen or so CRITICAL false positives that exist, mainly relating to Python code.

Improve rules based on Kaiji analysis

Reference: https://www.bitdefender.com/blog/hotforsecurity/kaiji-new-strain-iot-malware-seizing-control-launching-ddos-attacks/

Add detection for kSpreader artifacts

https://blog.xlab.qianxin.com/8220-k4spreader-new-tool-en/ There are some particular shell invocations that seem of interest.

Rename project?

6 comment

When this project first began, it focused on enumerating binaries' capabilities. It's since grown in two ways: - We've shifted capability detection to focus on those that may be used...