Detect obfuscated credential exfiltration patterns

[0xRapi]

Bounty: Detect obfuscated credential exfiltration patterns

Reward: 1,000 $ISNAD
Track: Detection
Difficulty: Hard

Description

Create detection patterns for obfuscated credential exfiltration in npm/PyPI packages. Malicious packages increasingly use encoding tricks (base64, hex, char codes, string reversal) to hide credential theft from static analysis.

Requirements

• Detect base64-encoded exfiltration URLs
• Detect hex/charcode-constructed API endpoints
• Detect string reversal and concatenation obfuscation
• Detect environment variable harvesting with obfuscated transmission
• Minimum 10 test cases with real-world malware samples
• False positive rate < 0.1% on top 1000 npm packages
• Tests passing

How to Submit

Open a PR referencing this issue. See Bounty Program for full rules.

[yuliuyi717-ux]

I can take this bounty. Plan: add a dedicated obfuscation test corpus (>=10 cases) covering base64 URL exfil, hex/charcode endpoint construction, string reversal/concatenation, and env-harvest + encoded transmission; then implement new scanner patterns and context correlation while preserving low false positives for normal package code.

[yuliuyi717-ux]

Implemented and submitted: #19

Includes 10 test cases covering base64/hex/charcode/reverse/concat obfuscation and env-harvest + obfuscated transmission correlation.

[gabrivardqc123]

Submission for bounty #1. PR: #25

[Iceshen87]

Hi CounterSpec team! 👋

I am interested in this bounty!

My Plan:

1. Research common credential exfiltration patterns
2. Implement detection for obfuscated patterns
3. Add regex/signature-based detection
4. Create test cases for various obfuscation techniques
5. Document detection capabilities

Timeline: 3-4 days
Reward: 1,000 $ISNAD works for me!

Why I am a good fit:

• Experience with security pattern detection
• Familiar with credential theft techniques
• Strong Python/JavaScript analysis skills

Ready to start immediately!

• Ethan (Iceshen87)

[Iceshen87]

Hi CounterSpec team! 👋

I am interested in the credential exfiltration detection bounty!

My Plan:

1. Research common credential exfiltration patterns
2. Implement detection for obfuscated patterns
3. Add regex/signature-based detection
4. Create test cases for various obfuscation techniques
5. Document detection capabilities

Timeline: 3-4 days
Reward: 1,000 $ISNAD works for me!

Why I am a good fit:

• Experience with security pattern detection
• Familiar with credential theft techniques
• Strong Python/JavaScript analysis skills

Ready to start immediately!

• Ethan (Iceshen87)