by ashishbijlani 404 days ago
Plug: I've been building a similar tool: https://github.com/ossillate-inc/packj

Packj uses static+dynamic code/behavioral analysis to scan for indicators of compromise (e.g., spawning of shell, use of SSH keys, network communication, use of decode+eval, etc.). It also checks for several metadata attributes to detect impersonating packages (typosquatting).
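
A small static check for the indicators the comment above lists (shell spawning, SSH key use, network modules, decode+eval), added here as an example; it is not part of the original post and is not Packj's code. The indicator lists, the function names `dotted` and `scan`, and the sample `setup.py` are constructed assumptions.

```python
import ast

# Constructed sample of a package's setup.py; it is only parsed, never executed.
SAMPLE = '''
import base64, os, socket
from setuptools import setup
exec(base64.b64decode("cHJpbnQoMSk=").decode())
os.system("uname -a")
key = open(os.path.expanduser("~/.ssh/id_rsa")).read()
setup(name="example-pkg", version="0.0.1")
'''

# Illustrative indicator lists (assumptions, not Packj's rule set).
SHELL_CALLS = {"os.system", "os.popen", "subprocess.Popen", "subprocess.run",
               "subprocess.call", "subprocess.check_output"}
NET_MODULES = {"socket", "requests", "urllib", "http", "ftplib", "smtplib"}
DECODERS = {"b64decode", "decode", "decompress", "unhexlify", "fromhex"}

def dotted(node):
    # 'os.system' for a Name/Attribute chain, '' for anything else.
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else ""

def scan(source):
    """Return sorted (line, indicator) findings for Python source text."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            mods = [a.name for a in node.names] if isinstance(node, ast.Import) else [node.module or ""]
            if any(m.split(".")[0] in NET_MODULES for m in mods):
                found.add((node.lineno, "network"))
        elif isinstance(node, ast.Call):
            name = dotted(node.func)
            if name in SHELL_CALLS:
                found.add((node.lineno, "shell"))
            # decode+eval: eval/exec fed by a decoding call anywhere in its arguments.
            inner = [n for a in node.args for n in ast.walk(a) if isinstance(n, ast.Call)]
            if name in {"eval", "exec"} and any(
                    getattr(c.func, "attr", getattr(c.func, "id", "")) in DECODERS for c in inner):
                found.add((node.lineno, "decode+eval"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if ".ssh/" in node.value or "id_rsa" in node.value:
                found.add((node.lineno, "ssh-key"))
    return sorted(found)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Because the source is parsed with `ast` rather than imported, the package's install-time code never runs during the scan; a plain `eval("1+1")` with no decoding call is not reported.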

1 comment

Thanks, I'll have a look, possibly add a link to it