Overview

Finding classes are the detailed categorization of findings discovered during binary analysis. Each class has a unique identifier, description, and associated notes that indicate its behavior and purpose. For an overview of how classes are grouped into types for filtering, see Finding Types & Classes.

Property Notes

The following notes indicate special behaviors for finding classes:

| Note | Description |
| --- | --- |
| artefact | Property represents or references an artefact discovered during analysis |
| auto-advisory | Property can generate an advisory via the Binarly copilot service |
| deprecated | Property is no longer generated by current analysis tools |
| experimental | Property is in development; schema may change prior to release |
| informative | Property is a finding without meaningful severity |
| internal | Property is internal to analysis tools/platform |
| namespace | Namespace of a group of properties emitted based on rules |
| aggregate | Provides an aggregate summary of related findings |

Vulnerability Classes

Known Vulnerabilities

| Class | Description |
| --- | --- |
| vulnerability/known-vulnerability | Known vulnerability previously documented and catalogued |
| vulnerability/uefi/pkfail | Untrusted or non-production Platform Key (PK) enabling Secure Boot reconfiguration |
| vulnerability/uefi/secure-boot-bypass | Signature databases permit execution of known applications with code execution primitives |

UEFI Zero-Day Vulnerabilities

| Class | Description |
| --- | --- |
| vulnerability/uefi/dxe/arbitrary-write-via-pointer-via-nvram-variable | DXE/SMM memory corruption via NVRAM variable pointer |
| vulnerability/uefi/pei/arbitrary-write-via-pointer-via-nvram-variable | PEI memory corruption via NVRAM variable pointer |
| vulnerability/uefi/smram-write-via-pointer-via-nvram-variable | SMRAM corruption via unchecked NVRAM variable pointer |
| vulnerability/uefi/smram-write-via-commbuffer | SMRAM corruption via unchecked CommBuffer pointer |
| vulnerability/uefi/smram-write-via-global-buffer | SMRAM corruption via global buffer outside SMRAM |
| vulnerability/uefi/smram-write-via-protocol | SMRAM corruption via protocol interface outside SMRAM |
| vulnerability/uefi/smram-write-via-save-state | SMRAM corruption via save state pointer |
| vulnerability/uefi/dxe/code-execution-via-pointer-via-nvram-variable | DXE code execution via NVRAM variable function pointer |
| vulnerability/uefi/pei/code-execution-via-pointer-via-nvram-variable | PEI code execution via NVRAM variable function pointer |
| vulnerability/uefi/smm-callout-via-pointer-via-nvram-variable | SMM callout via NVRAM variable function pointer |
| vulnerability/uefi/smm-callout-via-boot-services | SMM callout via UEFI Boot Services |
| vulnerability/uefi/smm-callout-via-commbuffer | SMM callout via unchecked CommBuffer pointer |
| vulnerability/uefi/smm-callout-via-global-buffer | SMM callout via global buffer outside SMRAM |
| vulnerability/uefi/smm-callout-via-protocol | SMM callout via protocol interface outside SMRAM |
| vulnerability/uefi/smm-callout-via-runtime-services | SMM callout via UEFI Runtime Services |
| vulnerability/uefi/smm-callout-via-save-state | SMM callout via save state pointer |
| vulnerability/uefi/double-get-variable | Buffer overflow via shared DataSize between GetVariable calls |
| vulnerability/uefi/pei-double-get-variable | Buffer overflow via shared DataSize in PEI phase |
| vulnerability/uefi/smm-double-get-variable | Buffer overflow via shared DataSize in SMM |
| vulnerability/uefi/get-set-variable | Information disclosure via shared DataSize between Get/SetVariable |
| vulnerability/uefi/smm-get-set-variable | SMRAM information disclosure via shared DataSize |
| vulnerability/uefi/unverified-boot-guard | Intel Boot Guard verification could not be confirmed |
| vulnerability/uefi/leaked-boot-guard-km-key | Leaked Intel Boot Guard Key Manifest private key |
| vulnerability/uefi/leaked-boot-guard-bpm-key | Leaked Intel Boot Guard Boot Policy Manifest private key |

Cryptographic Classes

These classes map to the Cryptographic Material finding type and appear in the Cryptographic Materials tab. They cover detected algorithms, protocols, certificate issues, and cryptographic key material across all analyzed binary components. For the compliance status (weak, deprecated, quantum-vulnerable) of each algorithm, see the Algorithm Compliance Reference.

Encryption Algorithms

| Class | Algorithm |
| --- | --- |
| crypto/algorithm/encryption/aes | AES |
| crypto/algorithm/encryption/3des | Triple DES |
| crypto/algorithm/encryption/des | DES |
| crypto/algorithm/encryption/blowfish | Blowfish |
| crypto/algorithm/encryption/twofish | Twofish |
| crypto/algorithm/encryption/camellia | Camellia |
| crypto/algorithm/encryption/cast5 | CAST5 |
| crypto/algorithm/encryption/curve25519 | Curve25519 |
| crypto/algorithm/encryption/idea | IDEA |
| crypto/algorithm/encryption/rc2 | RC2 |
| crypto/algorithm/encryption/rc4 | RC4 |
| crypto/algorithm/encryption/rc5 | RC5 |
| crypto/algorithm/encryption/rc6 | RC6 |
| crypto/algorithm/encryption/rsa | RSA (encryption) |
| crypto/algorithm/encryption/salsa20 | Salsa20 |
| crypto/algorithm/encryption/hc-128 | HC-128 |
| crypto/algorithm/encryption/sosemanuk | Sosemanuk |
| crypto/algorithm/encryption/skipjack | Skipjack |
| crypto/algorithm/encryption/tea | TEA |
| crypto/algorithm/encryption/xtea | XTEA |
| crypto/algorithm/encryption/xxtea | XXTEA |
| crypto/algorithm/encryption/vest | VEST |

Hashing Algorithms

| Class | Algorithm |
| --- | --- |
| crypto/algorithm/hashing/md2 | MD2 |
| crypto/algorithm/hashing/md4 | MD4 |
| crypto/algorithm/hashing/md5 | MD5 |
| crypto/algorithm/hashing/sha1 | SHA-1 |
| crypto/algorithm/hashing/sha224 | SHA-224 |
| crypto/algorithm/hashing/sha256 | SHA-256 |
| crypto/algorithm/hashing/sha384 | SHA-384 |
| crypto/algorithm/hashing/sha512 | SHA-512 |
| crypto/algorithm/hashing/sha512-224 | SHA-512/224 |
| crypto/algorithm/hashing/sha512-256 | SHA-512/256 |
| crypto/algorithm/hashing/sha3-224 | SHA3-224 |
| crypto/algorithm/hashing/sha3-256 | SHA3-256 |
| crypto/algorithm/hashing/sha3-384 | SHA3-384 |
| crypto/algorithm/hashing/sha3-512 | SHA3-512 |
| crypto/algorithm/hashing/shake128 | SHAKE128 |
| crypto/algorithm/hashing/shake256 | SHAKE256 |
| crypto/algorithm/hashing/blake2b | BLAKE2b |
| crypto/algorithm/hashing/blake2s | BLAKE2s |
| crypto/algorithm/hashing/ripemd160 | RIPEMD-160 |
| crypto/algorithm/hashing/sm3 | SM3 |
| crypto/algorithm/hashing/tiger | Tiger |
| crypto/algorithm/hashing/djb2 | DJB2 |
| crypto/algorithm/hashing/fnv | FNV |
| crypto/algorithm/hashing/murmur3 | MurmurHash3 |

Signing Algorithms

| Class | Algorithm |
| --- | --- |
| crypto/algorithm/signing/rsa | RSA |
| crypto/algorithm/signing/rsa-sha256 | RSA-SHA256 |
| crypto/algorithm/signing/rsa-sha512 | RSA-SHA512 |
| crypto/algorithm/signing/dsa | DSA |
| crypto/algorithm/signing/ecdsa-sha256 | ECDSA-SHA256 |
| crypto/algorithm/signing/ecdsa-sha384 | ECDSA-SHA384 |
| crypto/algorithm/signing/ecdsa-sha512 | ECDSA-SHA512 |
| crypto/algorithm/signing/ed25519 | Ed25519 |
| crypto/algorithm/signing/ed448 | Ed448 |
| crypto/algorithm/signing/sm2 | SM2 |

Post-Quantum Signing Algorithms

| Class | Algorithm |
| --- | --- |
| crypto/algorithm/signing/ml-dsa-44 | ML-DSA-44 |
| crypto/algorithm/signing/ml-dsa-65 | ML-DSA-65 |
| crypto/algorithm/signing/ml-dsa-87 | ML-DSA-87 |
| crypto/algorithm/signing/slh-dsa-sha2-128s | SLH-DSA-SHA2-128s |
| crypto/algorithm/signing/slh-dsa-sha2-128f | SLH-DSA-SHA2-128f |
| crypto/algorithm/signing/slh-dsa-sha2-192s | SLH-DSA-SHA2-192s |
| crypto/algorithm/signing/slh-dsa-sha2-192f | SLH-DSA-SHA2-192f |
| crypto/algorithm/signing/slh-dsa-sha2-256s | SLH-DSA-SHA2-256s |
| crypto/algorithm/signing/slh-dsa-sha2-256f | SLH-DSA-SHA2-256f |
| crypto/algorithm/signing/slh-dsa-shake-* | SLH-DSA-SHAKE variants |

MAC Algorithms

| Class | Algorithm |
| --- | --- |
| crypto/algorithm/mac/hmac-sha256 | HMAC-SHA256 |
| crypto/algorithm/mac/hmac-sha512 | HMAC-SHA512 |
| crypto/algorithm/mac/poly1305 | Poly1305 |

Protocols

| Class | Description |
| --- | --- |
| crypto/protocol/ssl/v2-0 | SSL v2.0 (insecure) |
| crypto/protocol/ssl/v3-0 | SSL v3.0 (insecure) |
| crypto/protocol/tls/v1-0 | TLS v1.0 (deprecated) |
| crypto/protocol/tls/v1-1 | TLS v1.1 (deprecated) |
| crypto/protocol/tls/v1-2 | TLS v1.2 |
| crypto/protocol/tls/v1-3 | TLS v1.3 |

Certificate Issues

| Class | Description |
| --- | --- |
| crypto/certificate/expired | Certificate has expired |
| crypto/certificate/invalid | Certificate has invalid parameters or structure |
| crypto/certificate/self-signed | Self-signed certificate found |
| crypto/certificate/untrusted | Certificate not signed by recognised CA |
| crypto/rsa/weak-key-parameters | Weak RSA key parameters detected |

Mitigation Classes

General Mitigations

| Class | Description |
| --- | --- |
| mitigation/known-mitigation-failure | Known security mitigation failure |
| mitigation/missing-control-flow-integrity | Missing CFI (BTI/IBT) protections |
| mitigation/missing-stack-canaries | Missing stack canary protection |

UEFI Mitigations

| Class | Description |
| --- | --- |
| mitigation/uefi/memory-protection-misconfiguration | Memory protection policy misconfiguration |
| mitigation/uefi/missing-rsb-stuffing | Incomplete Return Stack Buffer stuffing |
| mitigation/uefi/outdated-dbx | Outdated forbidden signature database |
| mitigation/uefi/outdated-amd-microcode-version | Outdated AMD microcode |
| mitigation/uefi/outdated-intel-microcode-version | Outdated Intel microcode |
| mitigation/uefi/vulnerable-amd-microcode-version | Vulnerable AMD microcode |
| mitigation/uefi/vulnerable-intel-microcode-version | Vulnerable Intel microcode |
| mitigation/uefi/pei/stack-guard-misconfiguration | PEI StackGuard misconfiguration |
| mitigation/uefi/dxe/stack-guard-misconfiguration | DXE StackGuard misconfiguration |
| mitigation/uefi/uefiplat-weak-configuration | Weak UEFI platform configuration |
| mitigation/uefi/untrusted-ami-test-key | Non-production AMI test key |
| mitigation/uefi/untrusted-insyde-test-key | Non-production Insyde test key |
| mitigation/uefi/untrusted-phoenix-test-key | Non-production Phoenix test key |
| mitigation/uefi/leaked-ami-test-key | Leaked AMI test key (PKfail) |

POSIX Mitigations

| Class | Description |
| --- | --- |
| mitigation/posix/fortify-source-disabled | Fortify Source protection disabled |
| mitigation/posix/nx-disabled | No eXecute (NX/DEP) disabled |
| mitigation/posix/relro-disabled | RELRO disabled |
| mitigation/posix/relro-partially-enabled | RELRO only partially enabled |
| mitigation/posix/pie-disabled | Position Independent Executable disabled |

Weakness Classes

| Class | Description |
| --- | --- |
| weakness/posix/not-stripped | Binary contains symbol information |
| weakness/posix/rpath-set | RPATH may allow arbitrary code execution |
| weakness/posix/runpath-set | RUNPATH may allow arbitrary code execution |
| weakness/posix/unsafe-functions/summary | Aggregate of unsafe function calls |
| weakness/linux/kernel-configuration | Linux kernel hardening configuration findings |

Secret Classes

| Class | Description |
| --- | --- |
| secret/credentials | Potential credentials for accessing restricted resources |
| secret/api-credentials | Potential API credentials for unauthorised API calls |
| secret/oauth-credentials | Potential OAuth credentials for application impersonation |
| secret/encryption-key | Potential encryption key for decrypting protected data |
| secret/jwt-token | Potential JWT token for accessing restricted resources |
| secret/webhook-url | Potential Webhook URL for compromising workflows |
| secret/private-key | Potential private key (experimental) |
| secret/generic | Potentially sensitive data |

Malware & Suspicious Classes

Malware

| Class | Description |
| --- | --- |
| malware/known-threat | Known malware threat |
| malware/malicious-behaviour | Detection of potentially malicious behaviour |
| malware/uefi/implant-hook-install | UEFI hook installations consistent with bootkits |

Suspicious (UEFI)

| Class | Description |
| --- | --- |
| suspicious/uefi/resolve-imports | PE parsing for resolving imports |
| suspicious/uefi/resolve-relocations | PE parsing for resolving relocations |

Suspicious (POSIX)

| Class | Description |
| --- | --- |
| suspicious/posix/executable-data | DATA segments with execute permissions |
| suspicious/posix/no-stdlib | Binary doesn’t use standard library |
| suspicious/posix/packed-elf | Encrypted or compressed ELF binary |
| suspicious/posix/reverse-text | Reverse Text Segment infection technique |
| suspicious/posix/ctors-dtors | Suspicious constructor/destructor entries |
| suspicious/posix/dt-needed | Modified DT_DEBUG with suspicious DT_NEEDED |
| suspicious/posix/entrypoint | Suspicious entry point location |
| suspicious/posix/ifuncs | Suspicious IFUNC resolvers |
| suspicious/posix/init-fini | Suspicious DT_INIT/DT_FINI entries |
| suspicious/posix/plt-got | Suspicious PLT stub entries |
| suspicious/posix/pt-note-conversion | PT_NOTE conversion infection |
| suspicious/posix/relocations | Suspicious relocation table entries |
| suspicious/posix/text-padding | Suspicious TEXT segment padding |

Supply Chain Classes

| Class | Description |
| --- | --- |
| supply-chain/known-supply-chain-issue | Known supply chain security issue |

Artefact Classes

| Class | Description |
| --- | --- |
| artefact/uefi/boot-policy-manifest | Intel Boot Guard Boot Policy Manifest |
| artefact/uefi/key-manifest | Intel Boot Guard Key Manifest |
| artefact/crypto-certificate-material | X.509 certificates found in component |
| artefact/crypto-key-material | Cryptographic keys found in component |
| artefact/embedded-executable | Embedded executable files |
| artefact/related-component | Related components discovered during analysis |

Metadata Classes

Metadata classes provide informational context about the analysed component:
  • metadata/relation/* - Component relationships (contains, duplicates, linkage)
  • metadata/analysis/* - Analysis metadata (size limits, provenance)
  • metadata/entropy/* - Entropy analysis data
  • metadata/symbols/* - Symbol table information (DWARF, ELF, PDB)
  • metadata/hardening/* - Security hardening summaries
  • metadata/signature/* - File signature information
  • metadata/environment/* - Runtime environment information