Jump to content

Sdk to use in malware detection framework


Botmaster

Recommended Posts

Am a university researcher. Working on botnet detection.

Best tool for debug and disassembling is ida pro, anyone got its sdk? And exeinfo is a good tool for reverseaing to find packing unpacking of malwares in os, anyone got its sdk, or any similar powerful app u guys suggest?

Link to comment
Share on other sites

Just to clarify... You want to detect the malware after it's done the nasty to your target machine. Did I get that right?

Link to comment
Share on other sites

What you seem to need is some kind of honeypot software so you can safely acquire malware samples as they try to infect you. You need something which is pretty much iron clad, and you can upload malware samples to another computer with, and that you can roll back when it is infected. Once your computer is infected you cannot trust it again unless you have something which is capable of rolling it back. Plugging into the internet directly will infect you good in like 5 min. Most routers have a firewall built in, and many businesses have stand alone firewalls to protect users from these types of shenanigans. It basically doesn't allow inbound traffic which wasn't initiated by the the computers on your network. You can call out, people can't call in unless they have an invitation. If you get your computer infected without special software roll stuff back, then you will never be able to trust that computer again. Hackers change DLLs, EXEs, etc, basically the foundation of the OS. There are so many places to hide things in the Window's gray matter that it just isn't funny. For instance have you ever heard of alternate data streams? That's the one reason you don't put NTFS on your flash drives. A few years ago I bought the Malware Analyst's Cookbook, and a lot of it went over my head. If you go that route you will need some supplemental material, or perhaps a better written book. Good luck reversing!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...