Greetings,
I have lurked here long enough. I love this list and the perspective it brings.
I have a project idea of performing application security assessments on binaries of unknown or questionable origin using one specific objective:
Determining where in the code network calls are performed, then tracing back through the code to identify the destination address (hostname, IP, or other).
To me it seems that this is of most value, as any malware intent upon stealing data or being part of a botnet must communicate via the network at some point. Surely there are other innovative methods of communicating, but I am focused on the network connection.
Some of my security colleagues say that what I want to do is "too hard". To me, this translates to:
- It is an important problem to solve
- Hard problems are best solved by first properly characterizing the problem
- Once a hard problem is properly characterized, then solving it becomes much easier
While not directly related to language parsing, this list would seem to best understand my perspective on the problem.
Assume that the binary is capable of being reversed.
This brings me to my questions for the list:
1. Are you aware of anyone else who has tried to do this? If so, where can I find details?
2. Do you have any suggestions on where to start or how to go about properly modeling this problem?
3. Does anyone have the expertise and interest in pursuing such a project?
I would start with various tools that facilitate analysis using intermediate representation and control flow graph data...
Thanks,
John
LinkedIn.com\in\johnmwillis
_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
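The "find the network call, then trace back to the destination" step that the post describes, as an added worked example (not code from the post, nor from any langsec project): a backward slice over a toy three-address IR with a control-flow graph. The IR, the sink table (which argument of `connect`/`sendto` holds the address), the resolver table (`getaddrinfo`, `inet_addr` map a string to an address, so the slice continues into their string argument) and the sample program with its hostname and IP literal are all assumptions made up for illustration; on a real binary the same walk would run over the IR a lifter produces. The slice returns one origin per CFG path, which is what distinguishes a hard-coded destination from one received or decrypted at run time, where static tracing stops and emulation or instrumentation has to take over.

```python
"""Backward-slice the destination argument of network-API call sites over a
toy IR with a CFG. Added example; the IR, tables and program are constructed."""
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Instr:
    dst: Optional[str]  # register defined by this instruction, or None
    op: str             # "const" | "mov" | "call" | "load"
    args: tuple         # const: (value,); mov: (src,); call: (callee, *args); load: (addr,)

@dataclass
class Block:
    name: str
    instrs: List[Instr]
    succs: List[str]

# Assumed sink table: callee -> index of the argument that carries the destination.
SINKS = {"connect": 1, "sendto": 4, "InternetConnectA": 1}
# Assumed resolver table: callee -> index of the string the returned address is derived from.
RESOLVERS = {"getaddrinfo": 0, "gethostbyname": 0, "inet_addr": 0}

def is_reg(x):
    return isinstance(x, str) and x.startswith("r")

def build_preds(blocks):
    preds = {name: [] for name in blocks}
    for b in blocks.values():
        for s in b.succs:
            preds[s].append(b.name)
    return preds

def find_sinks(blocks):
    """Yield (block, index, destination operand) for every call into SINKS."""
    for b in blocks.values():
        for i, ins in enumerate(b.instrs):
            if ins.op == "call" and ins.args[0] in SINKS:
                yield b.name, i, ins.args[1 + SINKS[ins.args[0]]]

def slice_destination(blocks, preds, bname, idx, operand):
    """Origins of `operand` as seen at (bname, idx), over every CFG path.
    Each origin is ("const", value), ("dynamic", callee), ("memory", addr)
    or ("unknown", reg) when no definition is reachable (e.g. a parameter)."""
    if not is_reg(operand):
        return {("const", operand)}
    origins, seen = set(), set()
    work = [(bname, idx - 1, operand)]          # walk backwards from the call
    while work:
        b, i, reg = work.pop()
        if (b, i, reg) in seen:
            continue
        seen.add((b, i, reg))
        found = False
        for j in range(i, -1, -1):               # nearest reaching definition in this block
            ins = blocks[b].instrs[j]
            if ins.dst != reg:
                continue
            found = True
            if ins.op == "const":
                origins.add(("const", ins.args[0]))
            elif ins.op == "mov" or (ins.op == "call" and ins.args[0] in RESOLVERS):
                src = ins.args[0] if ins.op == "mov" else ins.args[1 + RESOLVERS[ins.args[0]]]
                if is_reg(src):
                    work.append((b, j - 1, src))  # keep slicing the source register
                else:
                    origins.add(("const", src))
            elif ins.op == "call":
                origins.add(("dynamic", ins.args[0]))  # produced at run time (recv, decrypt, ...)
            else:
                origins.add(("memory", ins.args[0]))
            break
        if not found:                            # defined in a predecessor: fan out
            if not preds[b]:
                origins.add(("unknown", reg))
            for p in preds[b]:
                work.append((p, len(blocks[p].instrs) - 1, reg))
    return origins

def analyze(blocks):
    preds = build_preds(blocks)
    return {f"{b}:{i}:{blocks[b].instrs[i].args[0]}": slice_destination(blocks, preds, b, i, dest)
            for b, i, dest in find_sinks(blocks)}

def sample_program():
    """Constructed IR of a hypothetical downloader: one path connects to a hard-coded
    host, the other to a host received over an already-open socket."""
    return {b.name: b for b in [
        Block("entry", [Instr("r1", "const", ("update.example.invalid",)),  # assumed hostname
                        Instr("r2", "call", ("socket", 2, 1, 0)),
                        Instr("r3", "load", ("flag",))], ["primary", "fallback"]),
        Block("primary", [Instr("r4", "mov", ("r1",))], ["connect_blk"]),
        Block("fallback", [Instr("r5", "call", ("recv", "r2", "buf", 256, 0)),
                           Instr("r4", "mov", ("r5",))], ["connect_blk"]),
        Block("connect_blk", [Instr("r6", "call", ("getaddrinfo", "r4", "443")),
                              Instr("r7", "call", ("connect", "r2", "r6", 16)),
                              Instr("r8", "call", ("inet_addr", "198.51.100.7")),  # assumed literal IP
                              Instr("r9", "call", ("sendto", "r2", "buf", 64, 0, "r8", 16))], []),
    ]}

if __name__ == "__main__":
    for site, origins in analyze(sample_program()).items():
        print(site, sorted(origins))
```

The `connect` site reports both a constant hostname and a `dynamic` origin from `recv`, one per path through the CFG, while the `sendto` site resolves to a literal IP through `inet_addr`. Two simplifications a real analysis has to drop: memory is treated as opaque (a `load` is reported, not followed), and the slice stops at function boundaries, so hostnames built in a callee or passed in as a parameter surface as `unknown`.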