> ## Documentation Index > Fetch the complete documentation index at: https://docs.binarly.io/llms.txt > Use this file to discover all available pages before exploring further. # Finding Classes Reference > Complete reference documentation for all finding classes generated by the Binarly analysis pipeline. ## Overview Finding classes are the detailed categorization of findings discovered during binary analysis. Each class has a unique identifier, description, and associated notes that indicate its behavior and purpose. For an overview of how classes are grouped into types for filtering, see [Finding Types & Classes](/resource-center/finding-types). ## Property Notes The following notes indicate special behaviors for finding classes: | Note | Description | | --------------- | ------------------------------------------------------------------------ | | `artefact` | Property represents or references an artefact discovered during analysis | | `auto-advisory` | Property can generate an advisory via the Binarly copilot service | | `deprecated` | Property is no longer generated by current analysis tools | | `experimental` | Property is in development; schema may change prior to release | | `informative` | Property is a finding without meaningful severity | | `internal` | Property is internal to analysis tools/platform | | `namespace` | Namespace of a group of properties emitted based on rules | | `aggregate` | Provides an aggregate summary of related findings | *** ## Vulnerability Classes ### Known Vulnerabilities | Class | Description | | --------------------------------------- | ----------------------------------------------------------------------------------------- | | `vulnerability/known-vulnerability` | Known vulnerability previously documented and catalogued | | `vulnerability/uefi/pkfail` | Untrusted or non-production Platform Key (PK) enabling Secure Boot reconfiguration | | `vulnerability/uefi/secure-boot-bypass` | Signature databases permit execution of known applications with code execution primitives | ### UEFI Zero-Day Vulnerabilities | Class | Description | | ----------------------------------------------------------------------- | ------------------------------------------------------------------ | | `vulnerability/uefi/dxe/arbitrary-write-via-pointer-via-nvram-variable` | DXE/SMM memory corruption via NVRAM variable pointer | | `vulnerability/uefi/pei/arbitrary-write-via-pointer-via-nvram-variable` | PEI memory corruption via NVRAM variable pointer | | `vulnerability/uefi/smram-write-via-pointer-via-nvram-variable` | SMRAM corruption via unchecked NVRAM variable pointer | | `vulnerability/uefi/smram-write-via-commbuffer` | SMRAM corruption via unchecked CommBuffer pointer | | `vulnerability/uefi/smram-write-via-global-buffer` | SMRAM corruption via global buffer outside SMRAM | | `vulnerability/uefi/smram-write-via-protocol` | SMRAM corruption via protocol interface outside SMRAM | | `vulnerability/uefi/smram-write-via-save-state` | SMRAM corruption via save state pointer | | `vulnerability/uefi/dxe/code-execution-via-pointer-via-nvram-variable` | DXE code execution via NVRAM variable function pointer | | `vulnerability/uefi/pei/code-execution-via-pointer-via-nvram-variable` | PEI code execution via NVRAM variable function pointer | | `vulnerability/uefi/smm-callout-via-pointer-via-nvram-variable` | SMM callout via NVRAM variable function pointer | | `vulnerability/uefi/smm-callout-via-boot-services` | SMM callout via UEFI Boot Services | | `vulnerability/uefi/smm-callout-via-commbuffer` | SMM callout via unchecked CommBuffer pointer | | `vulnerability/uefi/smm-callout-via-global-buffer` | SMM callout via global buffer outside SMRAM | | `vulnerability/uefi/smm-callout-via-protocol` | SMM callout via protocol interface outside SMRAM | | `vulnerability/uefi/smm-callout-via-runtime-services` | SMM callout via UEFI Runtime Services | | `vulnerability/uefi/smm-callout-via-save-state` | SMM callout via save state pointer | | `vulnerability/uefi/double-get-variable` | Buffer overflow via shared DataSize between GetVariable calls | | `vulnerability/uefi/pei-double-get-variable` | Buffer overflow via shared DataSize in PEI phase | | `vulnerability/uefi/smm-double-get-variable` | Buffer overflow via shared DataSize in SMM | | `vulnerability/uefi/get-set-variable` | Information disclosure via shared DataSize between Get/SetVariable | | `vulnerability/uefi/smm-get-set-variable` | SMRAM information disclosure via shared DataSize | | `vulnerability/uefi/unverified-boot-guard` | Intel Boot Guard verification could not be confirmed | | `vulnerability/uefi/leaked-boot-guard-km-key` | Leaked Intel Boot Guard Key Manifest private key | | `vulnerability/uefi/leaked-boot-guard-bpm-key` | Leaked Intel Boot Guard Boot Policy Manifest private key | *** ## Cryptographic Classes These classes map to the **Cryptographic Material** finding type and appear in the [Cryptographic Materials tab](/user-guides/image-scans/cryptographic-materials). They cover detected algorithms, protocols, certificate issues, and cryptographic key material across all analyzed binary components. For compliance status (weak, deprecated, quantum-vulnerable) for each algorithm, see the [Algorithm Compliance Reference](/resource-center/algorithm-compliance). ### Encryption Algorithms | Class | Algorithm | | ---------------------------------------- | ---------------- | | `crypto/algorithm/encryption/aes` | AES | | `crypto/algorithm/encryption/3des` | Triple DES | | `crypto/algorithm/encryption/des` | DES | | `crypto/algorithm/encryption/blowfish` | Blowfish | | `crypto/algorithm/encryption/twofish` | Twofish | | `crypto/algorithm/encryption/camellia` | Camellia | | `crypto/algorithm/encryption/cast5` | CAST5 | | `crypto/algorithm/encryption/curve25519` | Curve25519 | | `crypto/algorithm/encryption/idea` | IDEA | | `crypto/algorithm/encryption/rc2` | RC2 | | `crypto/algorithm/encryption/rc4` | RC4 | | `crypto/algorithm/encryption/rc5` | RC5 | | `crypto/algorithm/encryption/rc6` | RC6 | | `crypto/algorithm/encryption/rsa` | RSA (encryption) | | `crypto/algorithm/encryption/salsa20` | Salsa20 | | `crypto/algorithm/encryption/hc-128` | HC-128 | | `crypto/algorithm/encryption/sosemanuk` | Sosemanuk | | `crypto/algorithm/encryption/skipjack` | Skipjack | | `crypto/algorithm/encryption/tea` | TEA | | `crypto/algorithm/encryption/xtea` | XTEA | | `crypto/algorithm/encryption/xxtea` | XXTEA | | `crypto/algorithm/encryption/vest` | VEST | ### Hashing Algorithms | Class | Algorithm | | ------------------------------------- | ----------- | | `crypto/algorithm/hashing/md2` | MD2 | | `crypto/algorithm/hashing/md4` | MD4 | | `crypto/algorithm/hashing/md5` | MD5 | | `crypto/algorithm/hashing/sha1` | SHA-1 | | `crypto/algorithm/hashing/sha224` | SHA-224 | | `crypto/algorithm/hashing/sha256` | SHA-256 | | `crypto/algorithm/hashing/sha384` | SHA-384 | | `crypto/algorithm/hashing/sha512` | SHA-512 | | `crypto/algorithm/hashing/sha512-224` | SHA-512/224 | | `crypto/algorithm/hashing/sha512-256` | SHA-512/256 | | `crypto/algorithm/hashing/sha3-224` | SHA3-224 | | `crypto/algorithm/hashing/sha3-256` | SHA3-256 | | `crypto/algorithm/hashing/sha3-384` | SHA3-384 | | `crypto/algorithm/hashing/sha3-512` | SHA3-512 | | `crypto/algorithm/hashing/shake128` | SHAKE128 | | `crypto/algorithm/hashing/shake256` | SHAKE256 | | `crypto/algorithm/hashing/blake2b` | BLAKE2b | | `crypto/algorithm/hashing/blake2s` | BLAKE2s | | `crypto/algorithm/hashing/ripemd160` | RIPEMD-160 | | `crypto/algorithm/hashing/sm3` | SM3 | | `crypto/algorithm/hashing/tiger` | Tiger | | `crypto/algorithm/hashing/djb2` | DJB2 | | `crypto/algorithm/hashing/fnv` | FNV | | `crypto/algorithm/hashing/murmur3` | MurmurHash3 | ### Signing Algorithms | Class | Algorithm | | --------------------------------------- | ------------ | | `crypto/algorithm/signing/rsa` | RSA | | `crypto/algorithm/signing/rsa-sha256` | RSA-SHA256 | | `crypto/algorithm/signing/rsa-sha512` | RSA-SHA512 | | `crypto/algorithm/signing/dsa` | DSA | | `crypto/algorithm/signing/ecdsa-sha256` | ECDSA-SHA256 | | `crypto/algorithm/signing/ecdsa-sha384` | ECDSA-SHA384 | | `crypto/algorithm/signing/ecdsa-sha512` | ECDSA-SHA512 | | `crypto/algorithm/signing/ed25519` | Ed25519 | | `crypto/algorithm/signing/ed448` | Ed448 | | `crypto/algorithm/signing/sm2` | SM2 | ### Post-Quantum Signing Algorithms | Class | Algorithm | | -------------------------------------------- | ---------------------- | | `crypto/algorithm/signing/ml-dsa-44` | ML-DSA-44 | | `crypto/algorithm/signing/ml-dsa-65` | ML-DSA-65 | | `crypto/algorithm/signing/ml-dsa-87` | ML-DSA-87 | | `crypto/algorithm/signing/slh-dsa-sha2-128s` | SLH-DSA-SHA2-128s | | `crypto/algorithm/signing/slh-dsa-sha2-128f` | SLH-DSA-SHA2-128f | | `crypto/algorithm/signing/slh-dsa-sha2-192s` | SLH-DSA-SHA2-192s | | `crypto/algorithm/signing/slh-dsa-sha2-192f` | SLH-DSA-SHA2-192f | | `crypto/algorithm/signing/slh-dsa-sha2-256s` | SLH-DSA-SHA2-256s | | `crypto/algorithm/signing/slh-dsa-sha2-256f` | SLH-DSA-SHA2-256f | | `crypto/algorithm/signing/slh-dsa-shake-*` | SLH-DSA-SHAKE variants | ### MAC Algorithms | Class | Algorithm | | ---------------------------------- | ----------- | | `crypto/algorithm/mac/hmac-sha256` | HMAC-SHA256 | | `crypto/algorithm/mac/hmac-sha512` | HMAC-SHA512 | | `crypto/algorithm/mac/poly1305` | Poly1305 | ### Protocols | Class | Description | | -------------------------- | --------------------- | | `crypto/protocol/ssl/v2-0` | SSL v2.0 (insecure) | | `crypto/protocol/ssl/v3-0` | SSL v3.0 (insecure) | | `crypto/protocol/tls/v1-0` | TLS v1.0 (deprecated) | | `crypto/protocol/tls/v1-1` | TLS v1.1 (deprecated) | | `crypto/protocol/tls/v1-2` | TLS v1.2 | | `crypto/protocol/tls/v1-3` | TLS v1.3 | ### Certificate Issues | Class | Description | | -------------------------------- | ----------------------------------------------- | | `crypto/certificate/expired` | Certificate has expired | | `crypto/certificate/invalid` | Certificate has invalid parameters or structure | | `crypto/certificate/self-signed` | Self-signed certificate found | | `crypto/certificate/untrusted` | Certificate not signed by recognised CA | | `crypto/rsa/weak-key-parameters` | Weak RSA key parameters detected | *** ## Mitigation Classes ### General Mitigations | Class | Description | | ------------------------------------------- | --------------------------------- | | `mitigation/known-mitigation-failure` | Known security mitigation failure | | `mitigation/missing-control-flow-integrity` | Missing CFI (BTI/IBT) protections | | `mitigation/missing-stack-canaries` | Missing stack canary protection | ### UEFI Mitigations | Class | Description | | ---------------------------------------------------- | ----------------------------------------- | | `mitigation/uefi/memory-protection-misconfiguration` | Memory protection policy misconfiguration | | `mitigation/uefi/missing-rsb-stuffing` | Incomplete Return Stack Buffer stuffing | | `mitigation/uefi/outdated-dbx` | Outdated forbidden signature database | | `mitigation/uefi/outdated-amd-microcode-version` | Outdated AMD microcode | | `mitigation/uefi/outdated-intel-microcode-version` | Outdated Intel microcode | | `mitigation/uefi/vulnerable-amd-microcode-version` | Vulnerable AMD microcode | | `mitigation/uefi/vulnerable-intel-microcode-version` | Vulnerable Intel microcode | | `mitigation/uefi/pei/stack-guard-misconfiguration` | PEI StackGuard misconfiguration | | `mitigation/uefi/dxe/stack-guard-misconfiguration` | DXE StackGuard misconfiguration | | `mitigation/uefi/uefiplat-weak-configuration` | Weak UEFI platform configuration | | `mitigation/uefi/untrusted-ami-test-key` | Non-production AMI test key | | `mitigation/uefi/untrusted-insyde-test-key` | Non-production Insyde test key | | `mitigation/uefi/untrusted-phoenix-test-key` | Non-production Phoenix test key | | `mitigation/uefi/leaked-ami-test-key` | Leaked AMI test key (PKfail) | ### POSIX Mitigations | Class | Description | | ------------------------------------------ | ---------------------------------------- | | `mitigation/posix/fortify-source-disabled` | Fortify Source protection disabled | | `mitigation/posix/nx-disabled` | No eXecute (NX/DEP) disabled | | `mitigation/posix/relro-disabled` | RELRO disabled | | `mitigation/posix/relro-partially-enabled` | RELRO only partially enabled | | `mitigation/posix/pie-disabled` | Position Independent Executable disabled | *** ## Weakness Classes | Class | Description | | ----------------------------------------- | --------------------------------------------- | | `weakness/posix/not-stripped` | Binary contains symbol information | | `weakness/posix/rpath-set` | RPATH may allow arbitrary code execution | | `weakness/posix/runpath-set` | RUNPATH may allow arbitrary code execution | | `weakness/posix/unsafe-functions/summary` | Aggregate of unsafe function calls | | `weakness/linux/kernel-configuration` | Linux kernel hardening configuration findings | *** ## Secret Classes | Class | Description | | -------------------------- | --------------------------------------------------------- | | `secret/credentials` | Potential credentials for accessing restricted resources | | `secret/api-credentials` | Potential API credentials for unauthorised API calls | | `secret/oauth-credentials` | Potential OAuth credentials for application impersonation | | `secret/encryption-key` | Potential encryption key for decrypting protected data | | `secret/jwt-token` | Potential JWT token for accessing restricted resources | | `secret/webhook-url` | Potential Webhook URL for compromising workflows | | `secret/private-key` | Potential private key (experimental) | | `secret/generic` | Potentially sensitive data | *** ## Malware & Suspicious Classes ### Malware | Class | Description | | ----------------------------------- | ------------------------------------------------ | | `malware/known-threat` | Known malware threat | | `malware/malicious-behaviour` | Detection of potentially malicious behaviour | | `malware/uefi/implant-hook-install` | UEFI hook installations consistent with bootkits | ### Suspicious (UEFI) | Class | Description | | ------------------------------------- | ------------------------------------ | | `suspicious/uefi/resolve-imports` | PE parsing for resolving imports | | `suspicious/uefi/resolve-relocations` | PE parsing for resolving relocations | ### Suspicious (POSIX) | Class | Description | | ------------------------------------- | --------------------------------------------- | | `suspicious/posix/executable-data` | DATA segments with execute permissions | | `suspicious/posix/no-stdlib` | Binary doesn't use standard library | | `suspicious/posix/packed-elf` | Encrypted or compressed ELF binary | | `suspicious/posix/reverse-text` | Reverse Text Segment infection technique | | `suspicious/posix/ctors-dtors` | Suspicious constructor/destructor entries | | `suspicious/posix/dt-needed` | Modified DT\_DEBUG with suspicious DT\_NEEDED | | `suspicious/posix/entrypoint` | Suspicious entry point location | | `suspicious/posix/ifuncs` | Suspicious IFUNC resolvers | | `suspicious/posix/init-fini` | Suspicious DT\_INIT/DT\_FINI entries | | `suspicious/posix/plt-got` | Suspicious PLT stub entries | | `suspicious/posix/pt-note-conversion` | PT\_NOTE conversion infection | | `suspicious/posix/relocations` | Suspicious relocation table entries | | `suspicious/posix/text-padding` | Suspicious TEXT segment padding | *** ## Supply Chain Classes | Class | Description | | --------------------------------------- | --------------------------------- | | `supply-chain/known-supply-chain-issue` | Known supply chain security issue | *** ## Artefact Classes | Class | Description | | -------------------------------------- | --------------------------------------------- | | `artefact/uefi/boot-policy-manifest` | Intel Boot Guard Boot Policy Manifest | | `artefact/uefi/key-manifest` | Intel Boot Guard Key Manifest | | `artefact/crypto-certificate-material` | X.509 certificates found in component | | `artefact/crypto-key-material` | Cryptographic keys found in component | | `artefact/embedded-executable` | Embedded executable files | | `artefact/related-component` | Related components discovered during analysis | *** ## Metadata Classes Metadata classes provide informational context about the analysed component: * `metadata/relation/*` - Component relationships (contains, duplicates, linkage) * `metadata/analysis/*` - Analysis metadata (size limits, provenance) * `metadata/entropy/*` - Entropy analysis data * `metadata/symbols/*` - Symbol table information (DWARF, ELF, PDB) * `metadata/hardening/*` - Security hardening summaries * `metadata/signature/*` - File signature information * `metadata/environment/*` - Runtime environment information *** ## Related * [Finding Types & Classes](/resource-center/finding-types) - How classes are grouped into types for filtering * [Findings Scope](/user-guides/image-scans/findings-scope) - Configure which finding types are visible per product * [Cryptographic Detection](/resource-center/cryptographic-detection) - How cryptographic materials are detected * [Algorithm Compliance Reference](/resource-center/algorithm-compliance) - Compliance status for all algorithm classes * [Cryptographic Materials Tab](/user-guides/image-scans/cryptographic-materials) - Reviewing crypto findings in the UI