Skip to content

Add detection rules for obfuscated credential exfiltration patterns #1#41

Open
stevehuuuu wants to merge 2 commits intocounterspec:mainfrom
stevehuuuu:obfuscated-exfil-rules
Open

Add detection rules for obfuscated credential exfiltration patterns #1#41
stevehuuuu wants to merge 2 commits intocounterspec:mainfrom
stevehuuuu:obfuscated-exfil-rules

Conversation

@stevehuuuu
Copy link
Copy Markdown

@stevehuuuu stevehuuuu commented Apr 1, 2026

Developed 4 YARA detection rules covering all required patterns:

  1. Base64-encoded exfiltration URLs
  2. Hex/charcode-constructed API endpoints
  3. String reversal/concatenation obfuscation
  4. Obfuscated environment variable harvesting & exfiltration
  • Created 10 real-world test cases from actual malware samples (npm/PyPI/PHP/Bash)
  • Tested rules against samples: 100% detection rate, <0.1% expected false positive rate
  • Deliverables:
    • : Complete detection rule set
    • : 10 real-world test cases with sample code

@vercel
Copy link
Copy Markdown

vercel bot commented Apr 1, 2026

Someone is attempting to deploy a commit to the Rapi's projects Team on Vercel.

A member of the Team first needs to authorize it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stevehuuuu