(Sys)Call Me Maybe: Exploring Malware Syscalls with PANDA

from blog Push the Red Button, | ↗ original
System calls are of great interest to researchers studying malware, because they are the only way that malware can have any effect on the world – writing files to the hard drive, manipulating the registry, sending network packets, and so on all must be done by making a call into the kernel. In Windows, the system call interface is not publicly...
This is a short summary. ↗ Open original to view full content

Related

Systemd is not Magic Security Dust
Andrew Ayer - Blog | original ↗
Writing an x86 emulator from scratch in JavaScript: 2. system calls
Notes on software development | original ↗
PANDA VM Update October 2015
Push the Red Button | original ↗
One Weird Trick to Shrink Your PANDA Malware Logs by 84%
Push the Red Button | original ↗
PANDA VM Update April 2015
Push the Red Button | original ↗
100 Days of Malware
Push the Red Button | original ↗
Reproducible Malware Analyses for All
Push the Red Button | original ↗
Replaying Regin in PANDA
Push the Red Button | original ↗
Breaking Spotify DRM with PANDA
Push the Red Button | original ↗
Announcing PANDA: A Platform for Architecture-Neutral Dynamic Analysis
Push the Red Button | original ↗

More from Push the Red Button

Someone’s Been Messing With My Subnormals!
7 Sept 2022 | original ↗

TL;DR: After noticing an annoying warning, I went on an absurd yak shave, and discovered that because of a tiny handful of Python packages built with an appealing-sounding but dangerous compiler option, more than 2,500 Python packages—some with more than a million downloads per month—could end up causing any program that uses them to compute...

On Building 30K Debian Packages
5 Feb 2022 | original ↗

As part of my ongoing attempts to create some nice datasets for training large code models for C/C++, I've recently been attempting to build every package in Debian Unstable from source using bear to log the compilation and generate a compile_commands.json database for each build. Since it's not possible, in general, to parse C/C++ code without...

A couple ideas that went nowhere
17 Oct 2018 | original ↗

I suspect a lot of people in academia end up having a lot of ideas and projects that went nowhere for any number of reasons – maybe there were insurmountable technical challenges, maybe the right person to work on it never materialized, or maybe it just got crowded out by other projects and never picked back up. Here are a couple of mine. For...

Of Bugs and Baselines
20 Mar 2018 | original ↗

Summary: recently published results on the LAVA-M synthetic bug dataset are exciting. However, I show that much simpler techniques can also do startlingly well on this dataset; we need to be cautious in our evaluations and not rely too much on getting a high score on a single benchmark. A New Record The LAVA synthetic bug corpora have been...

NYC Area Security Folks – Come to SOS!
7 Nov 2016 | original ↗

Every year the NYU School of Engineering hosts Cyber Security Awareness Week (CSAW) – the largest student-run security event in the country. This year, we're trying something new that combines two of my favorite things: security and open source. The inaugural Security: Open Source (SOS) workshop, held this November 10 at NYU Tandon will feature...