Michael Lazin via plug on 24 Feb 2021 08:28:47 -0800



[PLUG] possible topic


It may take me some time but I came up with a possible presentation topic.  I have found that rkhunter will tell you if a memory address is suspect, and I recently learned of a ghidra plugin which will work like grep to find examples of similar code in disassembler view that can be used to track where in the code it inserts malware into a memory address. 

https://github.com/Sentinel-One/VTgrepGHIDRA

This uses the virustotal API which I have been experimenting with at home and at work and it can be used to find similar patterns in already discovered malware and to report findings of new malware. 

I am interested in this enough that I would like to do a future presentation on this with no work done so far.  I just saw a presentation on this plugin and it instantly occurred to me that it can be applied in conjunction with rkhunter.

Thanks,

Michael Lazin

to gar auto estin noein te kai ennai
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
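The "grep for similar code" idea mentioned above, as an added example that is not part of the original post and not the VTgrepGHIDRA plugin's own code: the plugin asks Ghidra for instruction boundaries, keeps the opcode bytes of a selected function literal, and wildcards the operand bytes (addresses, immediates, relocated pointers) so that a VirusTotal Intelligence content search still hits the same code compiled at a different base address. The script below reproduces that transformation locally with a deliberately tiny opcode table standing in for the disassembler, and greps the resulting pattern over constructed sample blobs instead of calling the VirusTotal API. The `content:{.. ?? ..}` query syntax with `??` as a one-byte wildcard is assumed from VT Intelligence; the opcode table, the `STUB_A`/`STUB_B`/`SAMPLES` bytes and all function names are illustrative and not real malware.

```python
"""Toy 'similar code' search in the style of VTgrep's wildcarded byte queries.

Added example; the opcode table is a stand-in for Ghidra's disassembly and the
sample bytes are constructed, not taken from any real binary.
"""
import re
from typing import Dict, List, Pattern, Tuple

# Toy x86 opcode table (assumption: only these encodings appear in the samples).
# opcode prefix -> (mnemonic, number of trailing operand bytes that carry an
# address or immediate and therefore vary from build to build).
OPCODES: Dict[bytes, Tuple[str, int]] = {
    b"\x68": ("push imm32", 4),
    b"\xe8": ("call rel32", 4),
    b"\xb8": ("mov eax, imm32", 4),
    b"\xff\x15": ("call [disp32]", 4),
    b"\x8b\x0d": ("mov ecx, [disp32]", 4),
    b"\x33\xc0": ("xor eax, eax", 0),
    b"\xc3": ("ret", 0),
}


def decode(code: bytes) -> List[Tuple[str, bytes, int]]:
    """Split `code` into (mnemonic, raw bytes, operand_len) using the toy table.

    Unknown bytes raise rather than being skipped, so a sample the table cannot
    describe is noticed instead of silently producing a wrong pattern.
    """
    out: List[Tuple[str, bytes, int]] = []
    i = 0
    while i < len(code):
        for prefix, (mnemonic, oplen) in OPCODES.items():
            if code.startswith(prefix, i):
                n = len(prefix) + oplen
                out.append((mnemonic, code[i:i + n], oplen))
                i += n
                break
        else:
            raise ValueError(f"unknown opcode at offset {i}: {code[i]:02x}")
    return out


def exact_query(code: bytes) -> str:
    """Plain byte search: only the identical build will match."""
    return "content:{" + " ".join(f"{b:02x}" for b in code) + "}"


def similar_code_query(code: bytes) -> str:
    """Opcode bytes stay literal, operand bytes become '??' wildcards
    (VT Intelligence content-search syntax, assumed)."""
    parts: List[str] = []
    for _mnemonic, raw, oplen in decode(code):
        fixed = raw[:len(raw) - oplen]
        parts.extend(f"{b:02x}" for b in fixed)
        parts.extend(["??"] * oplen)
    return "content:{" + " ".join(parts) + "}"


def query_to_regex(query: str) -> Pattern[bytes]:
    """Compile the body of a content:{...} query to a bytes regex so the same
    pattern can be grepped over local files (what VT does server-side)."""
    tokens = query[len("content:{"):-1].split()
    pat = b"".join(b"." if t == "??" else re.escape(bytes([int(t, 16)]))
                   for t in tokens)
    return re.compile(pat, re.DOTALL)


def grep(query: str, samples: Dict[str, bytes]) -> List[str]:
    """Names of the samples whose raw bytes contain the pattern."""
    rx = query_to_regex(query)
    return sorted(name for name, blob in samples.items() if rx.search(blob))


# Constructed samples: the same stub (push addr; call; call [iat]; xor; ret)
# built at base 0x00400000 and at base 0x10000000, plus an unrelated blob.
STUB_A = bytes.fromhex("6800104000" "e81a000000" "ff1520304000" "33c0" "c3")
STUB_B = bytes.fromhex("6800100010" "e83a000000" "ff1520300010" "33c0" "c3")
SAMPLES: Dict[str, bytes] = {
    "dropper_build1.bin": b"\x90\x90" + STUB_A + b"\x90",
    "dropper_build2.bin": b"\x90" + STUB_B + b"\x90\x90",
    "unrelated.bin": b"\xb8\x01\x00\x00\x00\xc3",
}

if __name__ == "__main__":
    print(exact_query(STUB_A), "->", grep(exact_query(STUB_A), SAMPLES))
    print(similar_code_query(STUB_A), "->", grep(similar_code_query(STUB_A), SAMPLES))
```

Running it shows the exact query hitting only the build it was cut from, while the wildcarded query hits both builds of the stub and not the unrelated blob. Against a real sample you would let Ghidra supply the instruction boundaries and submit the query to VirusTotal rather than grepping locally, and any address rkhunter flags as suspect would be the natural place to cut the bytes from.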