Security Incidents mailing list archives
Re: Tools to analyze "captured" binaries?
From: karthik_krish76 () YAHOO COM (karthik krishnamurthy)
Date: Thu, 20 Apr 2000 21:32:41 -0700
--- Rob Lee <rob () KARRDE COM> wrote:
> It is interesting to note that most "script kiddies" will compile programs straight from the "makefile" without adjusting the properties inside that file. For instance, the default for tfn (TRIBE FLOOD NETWORK) and some other programs compiles the program with debugging symbols. If a hacker is smart and he is good he will statically link his executable and then strip it. This would make the binary VERY hard to take apart. But luckily for us security types and forensic experts, most hackers do not go to this detail. But THE GOOD ONES WILL!!!
From the attacker's viewpoint, won't a statically linked trojan be more conspicuous because of its size?

regards
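The properties discussed in this thread (debugging symbols left in, static linking, stripping) can be read directly from a captured binary's ELF headers during triage. The following is an added example, not part of the original messages; it assumes a little-endian ELF64 file, the names `triage_elf` and `build_sample` are hypothetical, and the sample images are constructed here.

```python
import struct

PT_INTERP, SHT_SYMTAB = 3, 2  # constants from the ELF specification

def triage_elf(data: bytes) -> dict:
    """Report linkage and symbol state of a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    phoff, shoff = struct.unpack_from("<QQ", data, 0x20)
    phentsize, phnum, shentsize, shnum, shstrndx = struct.unpack_from("<5H", data, 0x36)
    ptypes = {struct.unpack_from("<I", data, phoff + i * phentsize)[0] for i in range(phnum)}
    sections = []  # (name offset, type, file offset, size) per section header
    for i in range(shnum):
        base = shoff + i * shentsize
        sections.append(struct.unpack_from("<II", data, base) + struct.unpack_from("<QQ", data, base + 24))
    names = []
    if shstrndx < len(sections):  # wiped section headers simply yield no names
        _, _, off, size = sections[shstrndx]
        strtab = data[off:off + size]
        names = [strtab[n:].split(b"\0", 1)[0].decode("ascii", "replace") for n, *_ in sections]
    return {
        # No PT_INTERP means no dynamic loader is requested: the usual static-link heuristic.
        "static": PT_INTERP not in ptypes,
        # strip removes .symtab and the .debug_* sections.
        "has_symtab": any(t == SHT_SYMTAB for _, t, _, _ in sections),
        "has_debug": any(name.startswith(".debug") for name in names),
    }

def build_sample(ptypes, sections):
    """Constructed test image: ELF64 header plus bare program/section headers."""
    secs = [("", 0)] + list(sections) + [(".shstrtab", 3)]
    strtab, offs = b"", []
    for name, _ in secs:
        offs.append(len(strtab))
        strtab += name.encode() + b"\0"
    phoff, shoff = 64, 64 + 56 * len(ptypes)
    stroff = shoff + 64 * len(secs)
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, phoff, shoff, 0, 64, 56, len(ptypes), 64, len(secs), len(secs) - 1)
    ph = b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)
    # Every header points at the string table; only .shstrtab's contents are read.
    sh = b"".join(struct.pack("<IIQQQQ", o, t, 0, 0, stroff, len(strtab)) + bytes(24)
                  for o, (_, t) in zip(offs, secs))
    return hdr + ph + sh + strtab

if __name__ == "__main__":
    print(triage_elf(build_sample([1, 3, 2], [(".symtab", 2), (".debug_info", 1)])))
    print(triage_elf(build_sample([1], [(".text", 1)])))
```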