[PLUG] possible topic

It may take me some time but I came up with a possible presentation topic. I have found that rkhunter will tell you if a memory address is suspect, and I recently learned of a ghidra plugin which will work like grep to find examples of similar code in disassembler view that can be used to track where in the code it inserts malware into a memory address.

https://github.com/Sentinel-One/VTgrepGHIDRA

This uses the virustotal API which I have been experimenting with at home and at work and it can be used to find similar patterns in already discovered malware and to report findings of new malware.

I am interested in this enough that I would like to do a future presentation on this with no work done so far. I just saw a presentation on this plugin and it instantly occured to me that it can be applied in conjunction with rkhunter.

Thanks,

Michael Lazin

to gar auto estin noein te kai ennai

___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug