http://secdocs.lonerunners.net Latest security documents RSS feed for author Peter Silberman en-us <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/1201-jamie-butler">Jamie Butler</a> <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/278-rootkit">rootkit</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/96-black-hat-eu-2006">Black Hat EU 2006</a> <br/> Sat, 14 Jan 2012 20:46:17 +0100 http://secdocs.lonerunners.net/documents/details/4747-raide-rootkit-analysis-identification-elimination http://secdocs.lonerunners.net/documents/details/4747-raide-rootkit-analysis-identification-elimination <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/278-rootkit">rootkit</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/95-black-hat-usa-2006">Black Hat USA 2006</a> <br/> Wed, 11 Jan 2012 06:40:32 +0100 http://secdocs.lonerunners.net/documents/details/4715-raide-rootkit-analysis-identification-elimination-v10 http://secdocs.lonerunners.net/documents/details/4715-raide-rootkit-analysis-identification-elimination-v10 <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <a href="http://secdocs.lonerunners.net/authors/details/1276-richard-johnson">Richard Johnson</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/27-buffer-overflow">buffer overflow</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/88-black-hat-usa-2004">Black Hat USA 2004</a> <br/> Wed, 07 Dec 2011 21:46:04 +0100 http://secdocs.lonerunners.net/documents/details/4506-a-comparison-buffer-overflow-prevention-implementations--weaknesses http://secdocs.lonerunners.net/documents/details/4506-a-comparison-buffer-overflow-prevention-implementations--weaknesses <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <a href="http://secdocs.lonerunners.net/authors/details/1276-richard-johnson">Richard Johnson</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/27-buffer-overflow">buffer overflow</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/88-black-hat-usa-2004">Black Hat USA 2004</a> <br/> Wed, 07 Dec 2011 06:46:09 +0100 http://secdocs.lonerunners.net/documents/details/4505-a-comparison-buffer-overflow-prevention-implementations--weaknesses http://secdocs.lonerunners.net/documents/details/4505-a-comparison-buffer-overflow-prevention-implementations--weaknesses <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/46-malware">malware</a> <a href="http://secdocs.lonerunners.net/tags/details/195-malware-analysis">malware analysis</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/15-black-hat-dc-2009">Black Hat DC 2009</a> <br/> Sat, 14 Aug 2010 10:04:00 +0200 http://secdocs.lonerunners.net/documents/details/2808-snort-my-memory http://secdocs.lonerunners.net/documents/details/2808-snort-my-memory <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/46-malware">malware</a> <a href="http://secdocs.lonerunners.net/tags/details/195-malware-analysis">malware analysis</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/15-black-hat-dc-2009">Black Hat DC 2009</a> <br/> Sat, 14 Aug 2010 10:04:00 +0200 http://secdocs.lonerunners.net/documents/details/2810-snort-my-memory http://secdocs.lonerunners.net/documents/details/2810-snort-my-memory <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <a href="http://secdocs.lonerunners.net/authors/details/869-ero-carrera">Ero Carrera</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/46-malware">malware</a> <a href="http://secdocs.lonerunners.net/tags/details/195-malware-analysis">malware analysis</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/41-black-hat-eu-2010">Black Hat EU 2010</a> <br/><b>Abstract</b>: Over the last few years malware has gravitated towards a few major families rather than the single or small-sized families of the past. Families of hundreds or even thousands are not uncommon. These families grouped together demonstrate the evolution of malware over time. This evolution may originate in simple bugfixes and small enhancements or entirely new sets of functionality added over an existing code base. Studying the ties between families, both within and across families, provides us with a context in which to study the development pace and technical improvements as they appear. We will examine how families grow and change amongst the mass malware and targeted attack malware. While examining how families grow and change we will attempt to identify features across all families that are both common and implemented in the same way. This could lead to quick static identification of malware features as well as signaturing these features. We hope to show how multiple families are derived from one code base, we will not just address mass malware, targeted malware but also rootkits and code sharing amongst them. Mon, 21 Jun 2010 06:02:36 +0200 http://secdocs.lonerunners.net/documents/details/2569-state-of-malware-family-ties http://secdocs.lonerunners.net/documents/details/2569-state-of-malware-family-ties <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <a href="http://secdocs.lonerunners.net/authors/details/869-ero-carrera">Ero Carrera</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/46-malware">malware</a> <a href="http://secdocs.lonerunners.net/tags/details/195-malware-analysis">malware analysis</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/41-black-hat-eu-2010">Black Hat EU 2010</a> <br/><b>Abstract</b>: Over the last few years malware has gravitated towards a few major families rather than the single or small-sized families of the past. Families of hundreds or even thousands are not uncommon. These families grouped together demonstrate the evolution of malware over time. This evolution may originate in simple bugfixes and small enhancements or entirely new sets of functionality added over an existing code base. Studying the ties between families, both within and across families, provides us with a context in which to study the development pace and technical improvements as they appear. We will examine how families grow and change amongst the mass malware and targeted attack malware. While examining how families grow and change we will attempt to identify features across all families that are both common and implemented in the same way. This could lead to quick static identification of malware features as well as signaturing these features. We hope to show how multiple families are derived from one code base, we will not just address mass malware, targeted malware but also rootkits and code sharing amongst them. Mon, 21 Jun 2010 02:12:24 +0200 http://secdocs.lonerunners.net/documents/details/2568-state-of-malware-family-ties http://secdocs.lonerunners.net/documents/details/2568-state-of-malware-family-ties <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <a href="http://secdocs.lonerunners.net/authors/details/500-steve-davis">Steve Davis</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/8-forensic">forensic</a> <a href="http://secdocs.lonerunners.net/tags/details/80-metasploit">Metasploit</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/30-black-hat-usa-2009">Black Hat USA 2009</a> <br/> Sat, 19 Sep 2009 20:21:00 +0200 http://secdocs.lonerunners.net/documents/details/1308-metasploit-autopsy-reconstructing-the-crime-scene http://secdocs.lonerunners.net/documents/details/1308-metasploit-autopsy-reconstructing-the-crime-scene <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <a href="http://secdocs.lonerunners.net/authors/details/500-steve-davis">Steve Davis</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/8-forensic">forensic</a> <a href="http://secdocs.lonerunners.net/tags/details/80-metasploit">Metasploit</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/30-black-hat-usa-2009">Black Hat USA 2009</a> <br/> Sat, 19 Sep 2009 20:19:00 +0200 http://secdocs.lonerunners.net/documents/details/1307-metasploit-autopsy-reconstructing-the-crime-scene http://secdocs.lonerunners.net/documents/details/1307-metasploit-autopsy-reconstructing-the-crime-scene <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/46-malware">malware</a> <a href="http://secdocs.lonerunners.net/tags/details/195-malware-analysis">malware analysis</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/15-black-hat-dc-2009">Black Hat DC 2009</a> <br/> Mon, 02 Mar 2009 01:32:00 +0100 http://secdocs.lonerunners.net/documents/details/407-snort-my-memory http://secdocs.lonerunners.net/documents/details/407-snort-my-memory <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/46-malware">malware</a> <a href="http://secdocs.lonerunners.net/tags/details/195-malware-analysis">malware analysis</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/15-black-hat-dc-2009">Black Hat DC 2009</a> <br/> Mon, 02 Mar 2009 00:59:00 +0100 http://secdocs.lonerunners.net/documents/details/406-snort-my-memory http://secdocs.lonerunners.net/documents/details/406-snort-my-memory