Dailydave mailing list archives
Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"!
From: Matt LeGrow <mlegrow () nfr com>
Date: Thu, 07 Jul 2005 16:08:58 -0400
H D Moore wrote:
> The heart of the Malicious Code Protector is a disassembler engine that can examine network traffic and detect executable code (i.e., disassemble binary data into machine assembly language). This ability to detect executable code is related to the assumption that executable code is normally not allowed to traverse a network, with the exception of a few well known cases, such as an FTP transfer of an executable (*.exe) file.

Boy this sounds an awful lot like fnord. Are they actually trying to patent a shellcode packet grepper? Because if so, someone should bring the prior art hammer down on them. Hard.

> Malicious Code Protector monitors data streams and looks for a sequence of data that the disassembler engine can translate into machine assembly language. This indicates the possible existence of executable code passing through a network. However, this alone is not sufficient when trying to determine whether a certain data stream contains executable code, let alone code of malicious nature.

Matt LeGrow
NFR Rapid Response Team
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave