[Dailydave] VPC
J.M. Seitz
jms at bughunter.ca
Sat Feb 23 22:48:18 EST 2008
Hey, since everyone is having such a lively debate, and we all seem like
we wanna help, why not contribute? BoB (from PEid glory) and myself have
started a Malware and Unpacking Framework for ImmunityDebugger (MUFFI)
to help automate malware analysis tasks.
Some things that are in there so far:
- lots of anti-anti debugging routines
- VMWare cloaking
- ummm...some other stuff
It's all done in Python and uses the native ImmDbg libraries to do its
business. We never really "released" it but we are always looking for
people to contribute to the source tree. If a piece of malware is using
a specific mechanism to do VM/sandbox detection, then write the reverse
and send us a patch!
http://muffi.googlecode.com/
JS
ps. You're never gonna win the war against malware, and yes the people
behind the monitor are the key. Hence, we should spend our time
enhancing the tools that we do have instead of having a running
commentary about how crappy a certain subset of tools are at dealing
with a particular subset of malware variants.