@botnet_hunter's blog
Writing modules for bamfdetect requires a variety of talents, including reverse engineering, parsing, decryption, and development. For this reason, I invite everyone to test their skills by creating bamfdetect modules and competing for cash prizes. bamfdetect: bamfdetect is a tool designed to statically extract command and control configuration details from malware. bamfdetect modules: It is highly suggested that, before writing modules for the competition, you use bamfdetect to some capacity to get an understanding of how it operates.
When hunting botnets, whether they are custom developed or widely available, it can be helpful to statically extract their configurations. With this ability, an automated workflow can be developed to identify and track botnets at scale. For this reason, I have developed bamfdetect. bamfdetect: bamfdetect is a tool designed to identify malware samples and statically extract their configuration information, such as the domain name of the command and control server.
Recently, I have been trying to focus more on creating small but useful utilities. The first of these tools to be posted publicly is Extract Hosts. The purpose of this utility is to search for domain names and IP addresses in the supplied input. The following is the information posted in the readme on the project page. You can download the 1.1.0 release of Extract Hosts here. ExtractHosts: Extracts hosts (IP addresses/hostnames) from files.
18 Apr 2014 #project #utility #python