Dailydave mailing list archives

Re: OffensiveComputing


From: val smith <mvalsmith () gmail com>
Date: Sat, 10 Dec 2005 12:27:07 -0700

Yeah, I suspect maybe someone from there saw the site and didn't understand
what the intent was. I guess worst case I get taken down, but I have like 6
offers to host me already so I don't think it's a huge issue.

I'd be happy to work with CERT actually and share stuff back and forth. It
can only help the security community I think.

V.


On 12/10/05, Jeffrey Denton <dentonj () gmail com> wrote:

On a side note, apparently CERT has already issued a complaint to my ISP to
have me taken down. I'll have to look into that one.

That's funny, considering they have one of the largest collections of
malware.

One of the tricks they use to identify malware is to run md5sums on each
of the ASCII strings found in a file.  They then do a little statistical
analysis every time something new comes in.  If the string content of
something new is a 90 - 95% match against some malware that's already been
analyzed, then it's more than likely a new variant.  The trick also works
when identifying morphing malware.
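
The string-hash comparison described in the quoted message, as an added example that is not part of the original posts and not CERT's code. The minimum string length of 4, the ratio definition (share of the new sample's string hashes already seen in a known sample), and all names and sample data are assumptions made for illustration.

```python
import hashlib
import re

MIN_LEN = 4  # assumed minimum run length, the strings(1) default
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)

def string_hashes(data):
    """MD5 of each printable-ASCII run found in a file's bytes."""
    return {hashlib.md5(s).hexdigest() for s in ASCII_RUN.findall(data)}

def match_ratio(new, known):
    """Share of the new sample's string hashes already present in a known sample."""
    return len(new & known) / len(new) if new else 0.0

def classify(data, corpus, threshold=0.90):
    """Return (closest known sample, match ratio, probable-variant flag)."""
    hashes = string_hashes(data)
    best, best_ratio = None, 0.0
    for name, known in corpus.items():
        ratio = match_ratio(hashes, known)
        if ratio > best_ratio:
            best, best_ratio = name, ratio
    return best, best_ratio, best_ratio >= threshold

def blob(strings):
    """Constructed stand-in for a binary: strings separated by non-printable bytes."""
    return b"\x00\x01".join(strings)

# Constructed sample data, not taken from any real file.
BASE = [b"example-bot v1.0", b"kernel32.dll", b"LoadLibraryA", b"GetProcAddress",
        b"CreateFileA", b"WriteFile", b"config.example.invalid",
        b"USER %s", b"NICK %s", b"JOIN #channel"]
CORPUS = {"family-a": string_hashes(blob(BASE))}
VARIANT = blob([b"example-bot v1.1"] + BASE[1:])   # one string changed
UNRELATED = blob([b"kernel32.dll", b"Usage: tool [options]",
                  b"invalid argument", b"out of memory"])

if __name__ == "__main__":
    for label, sample in (("variant", VARIANT), ("unrelated", UNRELATED)):
        print(label, classify(sample, CORPUS))
```

Because the comparison is over sets of per-string hashes, a variant that changes one string out of ten still scores 0.9, while a whole-file hash of the same two files would share nothing.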



