Wednesday, July 30, 2008

up too late

got a new gig! pretty exciting. getting to focus in on web app stuff, and am working w/ folk who have some talent and exp... just bein around, listening, and asking questions should help me learn plenty of good stuff.

i'm in corp world wearing a suit atm w/ the new gig, but it's just a disguise ;)
so, along that vein of blending in but being different, i stopped looking at webapps and went back to a project brought up at my local citysec a while back. basically a discussion over how to detect malware the way potter is talking about coming up in vegas (iiuc: looking at the extremities of the bell curve of network flows to identify malware).

so i got a vm to kick around and found some live malware which was described as running over http... i've got a lot of analysis to do, and who knows if i'll ever get to what i want w/ it, but it's been interesting (and of course, there were unintended consequences ;). here are some excerpts in a .txt so the blog doesn't completely dork the formatting...

2 comments:

Jens "jdm" Meyer said...

What malware was that? New-ish stuff? Older?

rwnin said...

newish (around for a yearish?)... google around for http malware and it'll pop up. propagates via mail attachments...