Dailydave mailing list archives

Re: VPC


From: "J.M. Seitz" <jms () bughunter ca>
Date: Sat, 23 Feb 2008 19:48:18 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey, since everyone is having such a lively debate, and we all seem like
we wanna help, why not contribute? BoB (from PEiD glory) and myself have
started a Malware and Unpacking Framework for ImmunityDebugger (MUFFI)
to help automate malware analysis tasks.

Some things that are in there so far:

- - lots of anti-anti debugging routines
- - VMware cloaking
- - ummm...some other stuff

It's all done in Python and uses the native ImmDbg libraries to do its
business. We never really "released" it but we are always looking for
people to contribute to the source tree. If a piece of malware is using
a specific mechanism to do VM/sandbox detection, then write the reverse
and send us a patch!

http://muffi.googlecode.com/

JS

ps. You're never gonna win the war against malware, and yes the people
behind the monitor are the key. Hence, we should spend our time
enhancing the tools that we do have instead of having a running
commentary about how crappy a certain subset of tools are at dealing
with a particular subset of malware variants.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkfA6QIACgkQKEj7ZJktQNvTRgCgnI23Llt5dcR9aQ0317Zg7NhM
SscAni+RWmUM/hVu+s5QlHDa/4P0YgAR
=Ml12
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

