S, (Andy and Mike)

Yes, you've hit a couple of pertinent points; and it might make for an interesting project.

However, I was looking for a check-list or similar which I can give to the pertinent dev.teams to ensure that they are 'covering all the bases' - whereas the question: "have you checked 'everything'?" produces a rather predictable response.

I'm thinking someone wiser than I will have written these things down - just can't find such...



On 28/07/17 02:25, S Walker wrote:
Exactly my point, yes - especially if one were to make a framework designed to easily analyse such things (when it becomes much easier for the malware, because it could, for instance, just check whether the framework is in the current env (as a super-trivial example - but any framework that is easy to run is likely to be easy to adapt to for this sort of code)).

It'd certainly be feasible to check for outgoing calls though, at least for relatively simple cases (on-import, when calling with particular args), but I think the licensing, etc. issues are probably easier to solve-ish and maintain, so probably a better starting point. This is just a gut feeling though - I've done this stuff manually in the past when I've needed to.

Thanks,
S

On 27/07/17 14:41, Mike Eriksson wrote:


On Thu, Jul 27, 2017 at 2:39 PM Andy Robinson <a...@reportlab.com> wrote:

    On 27 July 2017 at 15:33, S Walker <walke...@hotmail.co.uk> wrote:
    > I suspect malicious phone-home (and other deliberately malicious security)
    > stuff would be very difficult to automatically test for

    Presumably you want to spy on outbound network activity from your test
    machine, rather than analysing code?


That is if they haven't written their code so it is aware of the characteristics of 'malware analytics environments'. Basically it's dormant if it thinks it is being observed. Something which is very common these days. At least at the cutting edge of such things.

Cheers, Mike


_______________________________________________
python-uk mailing list
python-uk@python.org
https://mail.python.org/mailman/listinfo/python-uk





--
Regards,
=dn
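
The "simple case" raised in the thread, a package that makes outgoing calls on import, can be checked with Python's audit hooks (3.8+); the sketch below is an added example, not code from any poster in this thread. It records and blocks network-related audit events raised while a module is imported, and it will not see code that stays dormant when it detects observation. The names `audit_import`, `quiet_pkg` and `chatty_pkg` are hypothetical, and both sample modules are constructed.

```python
import importlib, os, sys, tempfile

# Audit events (Python 3.8+) that indicate name resolution or outbound traffic.
NETWORK_EVENTS = {"socket.connect", "socket.sendto",
                  "socket.getaddrinfo", "socket.gethostbyname"}
_recording = None  # a list while an audited import is running, else None

def _hook(event, args):
    if _recording is None or event not in NETWORK_EVENTS:
        return
    # connect/sendto pass (socket, address); the resolver events pass host first.
    target = args[1] if event in ("socket.connect", "socket.sendto") else args[0]
    _recording.append((event, target))
    raise PermissionError("network use blocked during audited import")

sys.addaudithook(_hook)  # hooks cannot be removed, so _recording gates them

def audit_import(module_name):
    """Import module_name afresh; return (imported_ok, network events seen)."""
    global _recording
    sys.modules.pop(module_name, None)
    _recording = events = []
    ok = True
    try:
        importlib.import_module(module_name)
    except Exception:
        ok = False
    finally:
        _recording = None
    return ok, events

def demo():
    """Audit two constructed sample modules written to a temporary directory."""
    samples = {
        "quiet_pkg": "VALUE = 1\n",
        # Constructed: contacts 192.0.2.1 (TEST-NET-1) on import, hides failure.
        "chatty_pkg": ("import socket\n"
                       "try:\n"
                       "    socket.create_connection(('192.0.2.1', 9), timeout=1)\n"
                       "except Exception:\n"
                       "    pass\n"),
    }
    with tempfile.TemporaryDirectory() as d:
        for name, src in samples.items():
            with open(os.path.join(d, name + ".py"), "w") as f:
                f.write(src)
        sys.path.insert(0, d)
        results = {name: audit_import(name) for name in samples}
        sys.path.remove(d)
    return results
```

Calling `demo()` returns a dict mapping each sample module to its `(imported_ok, events)` pair; the chatty module imports "successfully" because it swallows the blocked call, which is why the event list, not the import result, is the signal.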