http://secdocs.lonerunners.net Latest security documents RSS feed for author Ero Carrera en-us <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/869-ero-carrera">Ero Carrera</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/49-reverse-engineering">reverse engineering</a> <a href="http://secdocs.lonerunners.net/tags/details/218-python">python</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/68-black-hat-usa-2007">Black Hat USA 2007</a> <br/> Tue, 26 Apr 2011 20:43:38 +0200 http://secdocs.lonerunners.net/documents/details/3735-reverse-engineering-automation-with-python http://secdocs.lonerunners.net/documents/details/3735-reverse-engineering-automation-with-python <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <a href="http://secdocs.lonerunners.net/authors/details/869-ero-carrera">Ero Carrera</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/46-malware">malware</a> <a href="http://secdocs.lonerunners.net/tags/details/195-malware-analysis">malware analysis</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/41-black-hat-eu-2010">Black Hat EU 2010</a> <br/><b>Abstract</b>: Over the last few years malware has gravitated towards a few major families rather than the single or small-sized families of the past. Families of hundreds or even thousands are not uncommon. These families grouped together demonstrate the evolution of malware over time. This evolution may originate in simple bugfixes and small enhancements or entirely new sets of functionality added over an existing code base. Studying the ties between families, both within and across families, provides us with a context in which to study the development pace and technical improvements as they appear. We will examine how families grow and change amongst the mass malware and targeted attack malware. While examining how families grow and change we will attempt to identify features across all families that are both common and implemented in the same way. This could lead to quick static identification of malware features as well as signaturing these features. We hope to show how multiple families are derived from one code base, we will not just address mass malware, targeted malware but also rootkits and code sharing amongst them. Mon, 21 Jun 2010 06:02:36 +0200 http://secdocs.lonerunners.net/documents/details/2569-state-of-malware-family-ties http://secdocs.lonerunners.net/documents/details/2569-state-of-malware-family-ties <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/176-peter-silberman">Peter Silberman</a> <a href="http://secdocs.lonerunners.net/authors/details/869-ero-carrera">Ero Carrera</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/46-malware">malware</a> <a href="http://secdocs.lonerunners.net/tags/details/195-malware-analysis">malware analysis</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/41-black-hat-eu-2010">Black Hat EU 2010</a> <br/><b>Abstract</b>: Over the last few years malware has gravitated towards a few major families rather than the single or small-sized families of the past. Families of hundreds or even thousands are not uncommon. These families grouped together demonstrate the evolution of malware over time. This evolution may originate in simple bugfixes and small enhancements or entirely new sets of functionality added over an existing code base. Studying the ties between families, both within and across families, provides us with a context in which to study the development pace and technical improvements as they appear. We will examine how families grow and change amongst the mass malware and targeted attack malware. While examining how families grow and change we will attempt to identify features across all families that are both common and implemented in the same way. This could lead to quick static identification of malware features as well as signaturing these features. We hope to show how multiple families are derived from one code base, we will not just address mass malware, targeted malware but also rootkits and code sharing amongst them. Mon, 21 Jun 2010 02:12:24 +0200 http://secdocs.lonerunners.net/documents/details/2568-state-of-malware-family-ties http://secdocs.lonerunners.net/documents/details/2568-state-of-malware-family-ties