Hello CVEs, my old friends
I've come to deal with you again
Because a backdoor softly creeping...

Ops, sorry, we were singing out loudly. That's something we keep doing everytime a new vulnerability breaks in our daily routine. Lately, that has happened because of our software's dependencies, more and more often. Log4J, you say? Oh, well, let's not forget about XZUtils! Supply chain attacks, they call them. We started dealing with them to the rythm of SLSA (read "salsa"), but then we noticed that we could do more. A lot more! And we turned our malicious binaries into...well, waveforms, music. And we started rocking them! By reading those binaries like if they were normal waveforms, and by analyzing them with some math (Cepstum, Fourier series, etc.) we created a model that aims to detect if a dependency is malicious. And also, to classify it by the type of malware. Fascinating, isn't it? The sound of malware...