I located a second tool for detecting Sha1-Hulud infections. Haven't looked at the details of how it works.
Some notes:
This one appears to have been released by CrowdStrike and was paywalled. Someone decided to modify and release it publicly, so the license is unknown.
But awesome to see I'm in the big leagues with CrowdStrike, and I may be the first clean open source release of a tool for this.
https://github.com/TimothyMeadows/sha1hulud-scanner
#Sha1Hulud #Sha1HuludScanner #NPM #nodejs #cybersecurity #opensource
The fork of the CrowdStrike scanner introduced me to a really good idea: I should support the same exit code design so that our tools can work in tandem.
Maybe we detect different things or maybe one vs the other works in your environment.
So I made an issue to track this support:
https://github.com/datapartyjs/walk-without-rhythm/issues/18
#CrowdStrike #Sha1HuludScanner #WalkWithoutRhythm #cybersecurity #npm #nodejs