Does anyone out there have a userdb of packer signatures? (think PEiD) We have a working packer detector now that runs on anything thanks to the pelp project guys but it's a little sparse on signatures. I'll be adding my own sigs but I thought I'd ask and see if anyone out there has any they are willing to donate. Sigs look like:
[Name of the Packer v1.0]
signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
ep_only = true
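A sketch of how a detector can consume entries in this format, added here as an example; it is not code from the original post or from the pelp project. The function names and the second database entry are constructed, `??` is treated as a one-byte wildcard, and the entry point is assumed to be passed in as a file offset, with `ep_only = true` meaning the pattern is tested only at that offset.

```python
import re

# Constructed sample database in the format shown above; the second entry is made up.
SAMPLE_DB = """\
[Name of the Packer v1.0]
signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
ep_only = true

[Constructed Example Stub]
signature = 60 BE ?? ?? ?? ?? 8D BE
ep_only = false
"""

def parse_userdb(text):
    """Parse entries into dicts: name, pattern (ints, None = wildcard), ep_only."""
    sigs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blank lines and ';' comments
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = {"name": line[1:-1], "pattern": [], "ep_only": False}
            sigs.append(cur)
        elif cur is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "signature":
                tokens = value.split()
                if not all(re.fullmatch(r"[0-9A-Fa-f]{2}|\?\?", t) for t in tokens):
                    raise ValueError(f"bad signature token in {cur['name']!r}")
                cur["pattern"] = [None if t == "??" else int(t, 16) for t in tokens]
            elif key.lower() == "ep_only":
                cur["ep_only"] = value.lower() == "true"
    return [s for s in sigs if s["pattern"]]      # drop entries without a signature

def matches_at(data, offset, pattern):
    """True if pattern matches data at offset; never reads past the buffer."""
    if offset < 0 or offset + len(pattern) > len(data):
        return False
    return all(p is None or data[offset + i] == p for i, p in enumerate(pattern))

def detect(data, ep_offset, sigs):
    """Return the names of all signatures that match the given bytes."""
    hits = []
    for s in sigs:
        pat = s["pattern"]
        # ep_only = true: test only at the entry point; otherwise scan every offset.
        offsets = [ep_offset] if s["ep_only"] else range(len(data) - len(pat) + 1)
        if any(matches_at(data, o, pat) for o in offsets):
            hits.append(s["name"])
    return hits
```
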
Offensive Computing is forming an alliance with Hakin9 magazine. Look for future comments and article reviews, etc.
hakin9 is a magazine about hacking and IT security, covering techniques of breaking into computer systems, defence and protection methods. Our magazine is useful for all those interested in hacking – both professionals (system administrators, security specialists) and hobbyists. The magazine is of Polish origin, it's also translated and published in other countries and language versions.
hakin9 offers an in-depth look at both attack and defense techniques and concentrates on difficult technical issues.
For all the hard work and submissions today. I think that's a record!
http://www.hacksrus.com/haxorbingo/who.php - somebody added valsmith to haxor bingo
http://www.cultdeadcow.com/cms/nsf_links.php3 - valsmith added to the Cult of the Dead Cow's links list
http://www.securityfocus.com/bid/14086/exploit - valsmith's metasploit module posted by security focus
http://analyzer.symantec.com/ - valsmith's phpbb exploit posted to the Symantec Deepsight threat page with a rating of 9
http://seclists.org/lists/bugtraq/2005/Dec/0307.html - Offensive Computing posted to Bugtraq
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-12/msg00567.html - Offensive Computing got posted to FullDisclosure
Sorry all, I've been extremely busy working on back end stuff and kind of burnt out lately, hence the lack of new malware posts. Several of you have sent me samples and I'll get working on them soon, and some exciting new features are on the way.
Just a note in case it wasn't obvious. The policy of Offensive Computing is to "share" any contributions received by posting them on the site and potentially to A/V vendors unless explicitly told not to. Thanks,
Does anyone out there have any new malware? I have tons of old stuff I'm slogging through but I'm kind of running low on new malware. My collectors pick up unlimited amounts of korgo but nothing really interesting. Aim stuff, new worms, anything? Anyone have anything they are having trouble reversing or analyzing, like maybe with anti-debugger code or something?
I'll do a full analysis with lots of info :)
Welcome to Patrick Stach (of md5collision and other fame) as a member of the Offensive Computing Team!
So what's going on with OffensiveComputing?
Well we have several thousand samples laying around, but I haven't posted them because:
We are busy writing automation tools, improving the OC interface and writing some new analysis tools. I really don't want to just post random samples to the site. I much prefer having some minimal analysis with them.
We've gotten some great contributions which we REALLY appreciate.
Does anyone have any site interface suggestions? We are happy to hear them, and just might use them.
Thanks for visiting the site, tell your friends!
> From: "Anthony Aykut"
> Date: January 9, 2006 11:38:50 AM MST
> Subject: [Full-disclosure] MD:Pro - Malware Distribution Project
>
> For information - On 01 February 2006 we will launch our Malware
> Distribution Project (MD:Pro) service, which will offer developers of
> security systems and anti-malware products a vast collection of
Too bad OC isn't charging.
I wonder if OC gets an honorary account?