

Posting to Sourceforge in Process

The tool mentioned in the previous post will be presented at DefCon and released via SourceForge. The intent is to make the suite usable for larger analysis vs. the prototype analysis present in my thesis topic. As soon as I have the registration for the SourceForge project completed, I will post the project link here.

Special thanks to Valsmith and Chamuco for providing the source malware for my thesis as well as some reverse engineering pointers.

binBLAST presentation at DefCon

You gotta be kidding!

The world doesn't need a blog from me...
Now go find something useful to do.

I need help!!!!!!!!

I am very new to this and I feel very unsecure when I sit down at my system. Is there anyone who might take a minute to show me some quick tips besides the stuff Microsoft already shows you online? I would really like to learn and see communication using an open port. I just don't understand.

For consideration

I suppose this is a question to everyone reading this blog. If you were to have a tool that could locate similar instruction sequences in some large database, say all of the binaries on an installation, what would you like to see it do?

Based on the work/analysis of valsmith and others, I'm going to start by seeing if Win32.Klez has anything in common with Ubuntu, SuSE, and Mandrake.*

As I don't expect that to return any results, does anyone have any good Linux malware w/ analysis?

* Yes, I do realize that I'm doing a cross-platform analysis. Unfortunately, the people funding my research will not let me assume the risk for analysis of Windows.

New Security Analysis Tool

As I don't know exactly where to begin, I will begin in medias res. I've been spending some time now on a number of techniques to automate portions of reverse engineering for security analysis, most of which have been inspired by bioinformatics-type approaches. I don't have any succinct documentation to this point in time, but that will change in the next two-to-three weeks.


this is just a test - there is nothing more to see here.

It's not that I'm an uninteresting person, mind you. I just don't care about providing a level of entertainment for you, dear user. It's not that I don't like you, per se. It's just that I don't care.

BTW: You look great today. I've not seen a more attractive smile amongst the other humans.

rock on.

My First Blog

print "Hello, world!\n";

New to malware research...............

Hi All

I am new to malware research.
Can anyone suggest where I should start?
What are the common tools, and where can I download them with documents?

Please help me get all of these.
Thanks and regards,

First to this site on special day for security...

want to know I can get from and offer to sites ....

Snort Rules for Detecting Dasher, sdbot, and bad netblocks

alert tcp $HOME_NET any -> $EXTERNAL_NET 6667 (content:"rain357"; nocase; msg:"[OFFENSIVE COMPUTING]Dasher variant phoning home to IRC server";sid:66600001;rev:1;)

alert tcp $HOME_NET 5262 -> $EXTERNAL_NET any (flags:S;msg:"[OFFENSIVE COMPUTING]Dasher Variant SYN scanning home";sid:66600002;rev:1;)

alert tcp $HOME_NET any -> 80 (msg:"[OFFENSIVE COMPUTING] HTTP connection to known malware provider for WMF exploit";sid:66600003;rev:1;)

alert tcp $HOME_NET any -> 80 (msg:"[OFFENSIVE COMPUTING] HTTP connection to known malware provider downloading sdbot05b.jpg for WMF exploit";content:"sdbot05b.jpg";nocase;sid:66600004;rev:1;)
