Dailydave mailing list archives
Re: OffensiveComputing
From: Thorsten Holz <thorsten.holz () mmweg rwth-aachen de>
Date: Mon, 12 Dec 2005 01:01:00 +0100
Dave Aitel wrote:
Another option is to run them in a sandbox, and just record their use of APIs as a vector.
http://www-pi1.informatik.uni-mannheim.de/diplomas/show/45 The result of this thesis should be able to build such a signature. In addition, it can hopefully also extract the information about a botnet from a given binary, similar to what Norman's Sandbox can do now [http://sandbox.norman.no/live_2.html?logfile=446750]
Just some ideas. It's great to see a public collection of this stuff finally, because research is very hard to do without it.
At our lab, we are currently building a similar database: http://www-pi1.informatik.uni-mannheim.de/projects/malware
Unfortunately, most things are currently br0ken since we moved to another server :-/ The nepenthes site has some more information: http://nepenthes.sourceforge.net/stats and in the near future (TM) we will hopefully have a central server to which everyone can submit their binaries.
Cheers, Thorsten
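As an added illustration of the "API use as a vector" idea quoted above (example code, not from the thread, Norman's sandbox or nepenthes): each sandbox log is turned into a sparse count vector of API names, compared by cosine similarity against a known behavioural signature, and the connect() targets are pulled out as the kind of botnet information a sandbox report can yield. The log format and all three sample logs are constructed for the example.

```python
# Added example: behavioural signatures from sandbox API traces.
# Assumed log format (constructed): one call per line, "api_name(args)".
from collections import Counter
from math import sqrt

# Constructed sample traces: A is the reference bot, B a close variant, C benign-looking.
LOG_A = """\
CreateFileA(svch0st.exe)
WriteFile(svch0st.exe)
RegSetValueExA(Run\\svch0st)
WSAStartup()
connect(irc.example.invalid:6667)
send(NICK bot-1234)
"""
LOG_B = """\
CreateFileA(winlogin.exe)
WriteFile(winlogin.exe)
RegSetValueExA(Run\\winlogin)
WSAStartup()
connect(cc.example.invalid:6667)
send(NICK bot-9999)
send(JOIN #channel)
"""
LOG_C = """\
CreateFileA(readme.txt)
ReadFile(readme.txt)
MessageBoxA(hello)
"""

def api_vector(log: str) -> Counter:
    """Count each API name in a trace; the counts are the feature vector."""
    names = (ln.split("(", 1)[0].strip() for ln in log.splitlines() if ln.strip())
    return Counter(names)

def cosine(u: Counter, v: Counter) -> float:
    """Cosine similarity of two sparse count vectors (0.0 if either is empty)."""
    dot = sum(u[k] * v[k] for k in u.keys() & v.keys())
    norm = sqrt(sum(x * x for x in u.values())) * sqrt(sum(x * x for x in v.values()))
    return dot / norm if norm else 0.0

def matches_signature(log: str, signature: Counter, threshold: float = 0.9) -> bool:
    """True when a trace's API profile is close to a known behavioural signature."""
    return cosine(api_vector(log), signature) >= threshold

def connect_targets(log: str) -> list[str]:
    """Extract the host:port arguments of connect() calls (candidate C&C servers)."""
    return [ln[len("connect("):-1] for ln in log.splitlines() if ln.startswith("connect(")]
```

Because the vector ignores arguments, a variant that renames its dropped file or switches server (B) still matches the reference (A), while an unrelated trace (C) does not.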