Binary Analysis
Entry point analysis Oct 28 2005 11:28AM
keydet89 yahoo com (1 replies)
Re: Entry point analysis Oct 28 2005 12:05PM
David Perez-Conde (david perez conde gmail com) (2 replies)
Re: Entry point analysis Oct 28 2005 12:15PM
Harlan Carvey (keydet89 yahoo com) (1 replies)
David,

> You may want to look at scans #32 and #33 at:
>
> http://www.honeynet.org/scans/index.html

Okay, I've gone back through some of the postings for
responses for both of the scans you point to...and I'm
not seeing anything that really points to what I'm
looking for.

Maybe I can try to be a little bit more clear...my
original question was "Is anyone pursuing entry point
analysis of PE files, particularly files that have
been obfuscated/compressed/encrypted?".

In scan #32, several of the recipients are pursuing
entry point "identification" (i.e., locating the entry
point of the PE file) but as of yet, there doesn't
seem to be any *analysis* being done.

I'll try to be a little more specific...

Is anyone pursuing any work in analyzing the byte
sequences or code at the PE file entry point in order
to identify the obfuscator, packer, encrypter, or
compiler used?

Thanks,

Harlan

------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------

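The distinction drawn in the message above, between locating the entry point and analyzing the bytes found there, as an added example that is not part of the original thread. The function names, the two wildcard signatures and the in-memory sample images are constructed for illustration and are not a vetted signature database.

```python
import struct

# Constructed, illustrative patterns (None = wildcard byte).
SIGNATURES = {
    "UPX-style stub (pushad; mov esi, imm32)": [0x60, 0xBE, None, None, None, None],
    "MSVC-style prologue (push ebp; mov ebp, esp)": [0x55, 0x8B, 0xEC],
}

def entry_point_bytes(pe, count=16):
    """Identification step: return (section name, bytes at the entry point)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    opt = e_lfanew + 24                       # start of the optional header
    ep_rva, = struct.unpack_from("<I", pe, opt + 16)   # AddressOfEntryPoint
    table = opt + opt_size                    # section table follows the optional header
    for i in range(nsections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        if vaddr <= ep_rva < vaddr + max(vsize, rsize):
            off = rptr + (ep_rva - vaddr)     # RVA -> file offset
            return name.rstrip(b"\0").decode("ascii", "replace"), pe[off:off + count]
    raise ValueError("entry point RVA is outside every section")

def identify(ep):
    """Analysis step: names of all signatures matching the start of ep."""
    return [name for name, pat in SIGNATURES.items()
            if len(ep) >= len(pat)
            and all(p is None or p == b for p, b in zip(pat, ep))]

def build_sample(stub, section=b".text"):
    """Constructed minimal PE32 image: one section, entry point at its first byte."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0x200, 0, 0, 0x1000).ljust(0xE0, b"\0")
    sect = struct.pack("<8sIIII", section, 0x200, 0x1000, 0x200, 0x200).ljust(40, b"\0")
    return (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0") + stub.ljust(0x200, b"\x90")

if __name__ == "__main__":
    for stub, sec in ((bytes.fromhex("60be001040008dbe"), b"UPX1"),
                      (bytes.fromhex("558bec83ec10"), b".text")):
        name, ep = entry_point_bytes(build_sample(stub, sec), 8)
        print(name, ep.hex(), identify(ep) or ["unknown"])
```
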
RE: Entry point analysis Oct 28 2005 03:14PM
Chris Eagle (cseagle redshift com)
Re: Entry point analysis Oct 28 2005 12:08PM
Harlan Carvey (keydet89 yahoo com) (1 replies)
Re: Entry point analysis Oct 28 2005 12:26PM
David Perez-Conde (david perez conde gmail com)


 
