Re: Entry point analysisOct 28 2005 12:05PM David Perez-Conde (david perez conde gmail com) (2 replies)
You may want to look at scans #32 and #33 at:
http://www.honeynet.org/scans/index.html
HTH.
David.
---
David Perez - GSE
28oct05 14:06
On 28 Oct 2005 11:28:08 -0000, keydet89 (at) yahoo (dot) com [email concealed] <keydet89 (at) yahoo (dot) com [email concealed]> wrote:
> Is anyone pursuing entry point analysis of PE files, particularly files that have been obfuscated/compressed/encrypted?
>
> Does anyone have links to publicly available information on this topic?
>
> Thanks,
>
> H. Carvey
> "Windows Forensics and Incident Recovery"
> http://www.windows-ir.com
> http://windowsir.blogspot.com
>
http://www.honeynet.org/scans/index.html
HTH.
David.
---
David Perez - GSE
28oct05 14:06
On 28 Oct 2005 11:28:08 -0000, keydet89 (at) yahoo (dot) com [email concealed] <keydet89 (at) yahoo (dot) com [email concealed]> wrote:
> Is anyone pursuing entry point analysis of PE files, particularly files that have been obfuscated/compressed/encrypted?
>
> Does anyone have links to publicly available information on this topic?
>
> Thanks,
>
> H. Carvey
> "Windows Forensics and Incident Recovery"
> http://www.windows-ir.com
> http://windowsir.blogspot.com
>
[ reply ]