If you discover a vulnerability, potential exploit, or security issue related to the samples or scripts in this repository, please report it responsibly. Do not run or share destructive samples on public systems. All testing should be done in isolated, sandboxed, or air‑gapped environments only.
We encourage ethical analysis and responsible sharing of insights. Avoid exposing any sensitive or personal data in reports.
When describing your finding, please include essential details such as:
- The environment used (e.g., OS version, virtual or physical system)
- When and how the behavior was observed
- A short summary of what occurred (avoid sensitive data)
- File details such as name, size, and non‑sensitive hashes (SHA256, etc.)
Please avoid attaching live samples or dangerous files directly in messages or uploads. If you must share one, use an encrypted or private method and only when explicitly requested.
Our approach to handling reports is simple:
- Every valid report will be reviewed carefully in a controlled lab setup.
- We do not execute destructive code outside secure environments.
- If the finding involves active threats or malicious use, it will be escalated appropriately.
We aim to analyze and respond promptly while prioritizing safety and transparency.
We respect reporter confidentiality and handle shared data responsibly. Any publication of results, samples, or findings will be coordinated and sanitized. We may anonymize data to protect privacy if information is made public.
If you come across a potentially destructive or unknown batch script:
- Disconnect affected systems immediately.
- Do not run or open the file further.
- Preserve evidence safely (logs, file copies, system state).
- Analyze only in a sandbox or report findings safely as described above.
In cases of ongoing harm or critical attacks, prioritize containment and local response over analysis. It’s important to stay safe and minimize further damage before proceeding with investigation.
Last updated: 2025‑10‑28