Nmap Development mailing list archives

Re: GSoC 2011 My Two Ideas


From: Eugene Melnichenko <my.email.eugene () gmail com>
Date: Wed, 23 Mar 2011 20:02:51 +0200

Hi!!!!!
Now, in order:
Definition of the programming language and country of origin:
As far as I know, the compiler makes an entry in the header of the
executable file and the signature can be determined by the code of the
initial installation.
Possible countries of origin one can try to determine from the comments in the code.

Now about Possible threat category (keylogger, backdoor, etc.) and its level:
I thought to make an original knowledge base, and once a week to
update the base with new descriptions.
If the user needs a description (virus, sploits, etc.),
he chooses the necessary category and searches for the necessary description.

I also thought about the development of the scanner, in which this
could all be realized (definition of the programming language and country of
origin, and possible threat category (keylogger, backdoor, etc.) and
its level).
The knowledge base can be done separately (I think it will be useful).

I have attached the files (documentation and my development (scanner)).
If they do not come through, tell me how to send them to you.

Eugene :)

On 3/22/11, David Fifield <david () bamsoftware com> wrote:
On Tue, Mar 22, 2011 at 04:39:08PM +0200, Eugene Melnichenko wrote:
Hi!!!
It's Eugene :)
I have a couple of proposals, they relate to the Project:
Vulnerability and exploitation specialist and Malware detection
scripts.
Here:
1. Possible threat category (keylogger, backdoor, etc.) and its level
(Malware detection).
2. What programming language was used, a possible country of origin,
etc. (Malware and Exploit).
What do you think about these ideas?

These are good ideas. You will have to be more specific in your formal
proposal. How will you identify things like programming language and
country of origin? If it will be a database, explain what it will look
like. It will help if you can identify some specific vulnerabilities or
malware that you will check for--noting that a particular piece of
software is a keylogger is easier than detecting it in the first place.

Be sure to check these pages:
      http://www.google-melange.com/gsoc/org/home/google/gsoc2011/nmap
      http://nmap.org/soc/
      http://nmap.org/soc/GeneralRequirements.html
      http://nmap.org/soc/apply.html

David Fifield

Attachment: Scaner.zip

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
