ebook img

Muhammad Najmi Ahmad Zabidi - Hack in the Box PDF

29 Pages·2011·0.4 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Muhammad Najmi Ahmad Zabidi - Hack in the Box

SIGINT-HITB-KUL-2011 1/29 Compiling Features for Malicious Software Muhammad Najmi bin Ahmad Zabidi SIGINT HackInTheBox2011 KualaLumpur 12th Oct 2011 SIGINT-HITB-KUL-2011 2/29 Malware101 Malware in short is a software maliciousness is defined on the risks exposed to the user sometimes, when in vague, the term “Potentially Unwanted Program/Application” (PUP/PUA) being used SIGINT-HITB-KUL-2011 3/29 Malware101 Methods of detections Static analysis Dynamic analysis SIGINT-HITB-KUL-2011 4/29 Malware101 This talk is more static analysis SIGINT-HITB-KUL-2011 5/29 Staticanalysis Analysis of strings Important, although not foolproof Find interesting calls first Consideredstaticanalysis,sincenoexecutingofthebinary SIGINT-HITB-KUL-2011 6/29 Staticanalysis Methods to find interesting strings Use strings command (on *NIX systems) Editors Checking with Import Address Table (IAT) SIGINT-HITB-KUL-2011 7/29 Pythonasatool Python a scripting language a robust, powerful programming language SIGINT-HITB-KUL-2011 8/29 Pythonasatool My Python scripts Based from several existing Python scripts - malware analyzer, zerowine sandboxes,PE scanner I merged them and modified some parts so that it will be able to produce single page of report This tool is needed for my research work(bigger objective) Analysis of the binary while it is still packed SIGINT-HITB-KUL-2011 9/29 Pythonasatool Stuffs to look at “Interesting” Application Programming Interface-API calls Virtual Machine(VM) detector Outbound connect, especiall Internet Relay Chat-IRC commands. Possibbly a member of botnets SIGINT-HITB-KUL-2011 10/29 Pythonasatool python-pefile module Written by Ero Carrera python-pe provides quite a number of functions Everything can be dumped by printpe.dump_info()

Description:
Oct 12, 2011 12/29. Python as a tool. Looking at Dynamic Link Library -DLL. Some DLLs are interesting to look at, they contain functions that me be used for
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.