Nmap Development mailing list archives
Re: GSoC 2011 My Two Ideas
From: Eugene Melnichenko <my.email.eugene () gmail com>
Date: Wed, 23 Mar 2011 20:02:51 +0200
Hi!!!!!

Now, in order:

Definitions of programming language and country of origin: As far as I know, the compiler makes an entry in the header of the executable file, and the signature can be determined by the code of the initial installation. Possible countries of origin we can try to determine from the comments in the code.

Now about possible threat category (keylogger, backdoor, etc.) and its level: I thought to make the original knowledge base, and once a week to update the base with new descriptions. If the user needs a description of a virus, sploits, etc., he chooses the necessary category and searches for the necessary description.

I also thought about the development of a scanner, in which this could all be realized (definitions of programming language and country of origin, and possible threat category (keylogger, backdoor, etc.) and its level). The knowledge base can be done separately (I think it will be useful).

I have attached the files (documentation and my development (scanner)). If they do not come through, tell me how to send them to you.

Eugene :)

On 3/22/11, David Fifield <david () bamsoftware com> wrote:
> On Tue, Mar 22, 2011 at 04:39:08PM +0200, Eugene Melnichenko wrote:
>> Hi!!! It's Eugene :)
>> I have a couple of proposals, they relate to the Project: Vulnerability
>> and exploitation specialist and Malware detection scripts. Here:
>> 1. Possible threat category (keylogger, backdoor, etc.) and its level
>> (Malware detection).
>> 2. What programming language was used, a possible country of origin,
>> etc. (Malware and Exploit).
>> What do you think about these ideas?
>
> These are good ideas. You will have to be more specific in your formal
> proposal. How will you identify things like programming language and
> country of origin? If it will be a database, explain what it will look
> like. It will help if you can identify some specific vulnerabilities or
> malware that you will check for--noting that a particular piece of
> software is a keylogger is easier than detecting it in the first place.
>
> Be sure to check these pages:
> http://www.google-melange.com/gsoc/org/home/google/gsoc2011/nmap
> http://nmap.org/soc/
> http://nmap.org/soc/GeneralRequirements.html
> http://nmap.org/soc/apply.html
>
> David Fifield
Attachment:
Scaner.zip
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/