Dailydave mailing list archives

Re: OffensiveComputing

From: Thorsten Holz <thorsten.holz () mmweg rwth-aachen de>
Date: Mon, 12 Dec 2005 01:01:00 +0100

Dave Aitel wrote:

Another option is to run them in a sandbox, and just record their use
of API's as a vector.


http://www-pi1.informatik.uni-mannheim.de/diplomas/show/45

The result of this thesis should be able to build such a signature. In
addition, it can hopefully also extract the information about a botnet
from a given binary, similar to what Norman's Sandbox can do now
[http://sandbox.norman.no/live_2.html?logfile=446750]

Just some ideas. It's great to see a public collection of this stuff 
finally, because research is very hard to do without it.


At our lab, we are currently building a similar database:
http://www-pi1.informatik.uni-mannheim.de/projects/malware

Unfortunately, most things are currently br0ken since we move to another
server :-/ The nepenthes site has some more information:
http://nepenthes.sourceforge.net/stats and in the near future (TM) we
will hopefully have a central server to which everything can submit his
binaries.

Cheers,
  Thorsten

Current thread:

OffensiveComputing val smith (Dec 09)
- Re: OffensiveComputing Dan Moniz (Dec 09)
- Re: OffensiveComputing Dave Aitel (Dec 10)
  - Re: OffensiveComputing val smith (Dec 10)
  - Re: OffensiveComputing Thorsten Holz (Dec 11)
    - Exploit development weirdness RaMatkal (Dec 27)
    - Re: Exploit development weirdness Dave Aitel (Dec 27)
- Message not available
  - Fwd: OffensiveComputing val smith (Dec 10)
- Message not available
  - Re: OffensiveComputing val smith (Dec 10)
- <Possible follow-ups>
- Re: OffensiveComputing Jeffrey Denton (Dec 10)
  - Re: OffensiveComputing val smith (Dec 10)
    - Message not available
    - Re: OffensiveComputing val smith (Dec 10)