The Experts below are selected from a list of 33 Experts worldwide ranked by ideXlab platform
D. Geyer - One of the best experts on this subject based on the ideXlab platform.
-
ACSAC - A toolkit for detecting and analyzing malicious software
18th Annual Computer Security Applications Conference 2002. Proceedings., 2002Co-Authors: Michael D. Weber, M. Schmid, M. Schatz, D. GeyerAbstract:We present PEAT: the Portable Executable Analysis Toolkit. It is a software prototype designed to provide a selection of tools that an analyst may use in order to examine structural aspects of a Windows Portable Executable (PE) file, with the goal of determining whether malicious code has been inserted into an application after compilation. These tools rely on structural features of executables that are likely to indicate the presence of inserted malicious code. The underlying premise is that typical application Programs are compiled into one binary, homogeneous from beginning to end with respect to certain structural features; any disruption of this homogeneity is a strong indicator that the binary has been tampered with. For example, it could now harbor a virus or a Trojan Horse Program. We present our investigation into structural feature analysis, the development of these ideas into the PEAT prototype, and results that illustrate PEAT's practical effectiveness.
-
A toolkit for detecting and analyzing malicious software
18th Annual Computer Security Applications Conference 2002. Proceedings., 2002Co-Authors: M. Weber, M. Schmid, M. Schatz, D. GeyerAbstract:We present PEAT: the Portable Executable Analysis Toolkit. It is a software prototype designed to provide a selection of tools that an analyst may use in order to examine structural aspects of a Windows Portable Executable (PE) file, with the goal of determining whether malicious code has been inserted into an application after compilation. These tools rely on structural features of executables that are likely to indicate the presence of inserted malicious code. The underlying premise is that typical application Programs are compiled into one binary, homogeneous from beginning to end with respect to certain structural features; any disruption of this homogeneity is a strong indicator that the binary has been tampered with. For example, it could now harbor a virus or a Trojan Horse Program. We present our investigation into structural feature analysis, the development of these ideas into the PEAT prototype, and results that illustrate PEAT's practical effectiveness.
M. Weber - One of the best experts on this subject based on the ideXlab platform.
-
A toolkit for detecting and analyzing malicious software
18th Annual Computer Security Applications Conference 2002. Proceedings., 2002Co-Authors: M. Weber, M. Schmid, M. Schatz, D. GeyerAbstract:We present PEAT: the Portable Executable Analysis Toolkit. It is a software prototype designed to provide a selection of tools that an analyst may use in order to examine structural aspects of a Windows Portable Executable (PE) file, with the goal of determining whether malicious code has been inserted into an application after compilation. These tools rely on structural features of executables that are likely to indicate the presence of inserted malicious code. The underlying premise is that typical application Programs are compiled into one binary, homogeneous from beginning to end with respect to certain structural features; any disruption of this homogeneity is a strong indicator that the binary has been tampered with. For example, it could now harbor a virus or a Trojan Horse Program. We present our investigation into structural feature analysis, the development of these ideas into the PEAT prototype, and results that illustrate PEAT's practical effectiveness.
M. Schmid - One of the best experts on this subject based on the ideXlab platform.
-
ACSAC - A toolkit for detecting and analyzing malicious software
18th Annual Computer Security Applications Conference 2002. Proceedings., 2002Co-Authors: Michael D. Weber, M. Schmid, M. Schatz, D. GeyerAbstract:We present PEAT: the Portable Executable Analysis Toolkit. It is a software prototype designed to provide a selection of tools that an analyst may use in order to examine structural aspects of a Windows Portable Executable (PE) file, with the goal of determining whether malicious code has been inserted into an application after compilation. These tools rely on structural features of executables that are likely to indicate the presence of inserted malicious code. The underlying premise is that typical application Programs are compiled into one binary, homogeneous from beginning to end with respect to certain structural features; any disruption of this homogeneity is a strong indicator that the binary has been tampered with. For example, it could now harbor a virus or a Trojan Horse Program. We present our investigation into structural feature analysis, the development of these ideas into the PEAT prototype, and results that illustrate PEAT's practical effectiveness.
-
A toolkit for detecting and analyzing malicious software
18th Annual Computer Security Applications Conference 2002. Proceedings., 2002Co-Authors: M. Weber, M. Schmid, M. Schatz, D. GeyerAbstract:We present PEAT: the Portable Executable Analysis Toolkit. It is a software prototype designed to provide a selection of tools that an analyst may use in order to examine structural aspects of a Windows Portable Executable (PE) file, with the goal of determining whether malicious code has been inserted into an application after compilation. These tools rely on structural features of executables that are likely to indicate the presence of inserted malicious code. The underlying premise is that typical application Programs are compiled into one binary, homogeneous from beginning to end with respect to certain structural features; any disruption of this homogeneity is a strong indicator that the binary has been tampered with. For example, it could now harbor a virus or a Trojan Horse Program. We present our investigation into structural feature analysis, the development of these ideas into the PEAT prototype, and results that illustrate PEAT's practical effectiveness.
M. Schatz - One of the best experts on this subject based on the ideXlab platform.
-
ACSAC - A toolkit for detecting and analyzing malicious software
18th Annual Computer Security Applications Conference 2002. Proceedings., 2002Co-Authors: Michael D. Weber, M. Schmid, M. Schatz, D. GeyerAbstract:We present PEAT: the Portable Executable Analysis Toolkit. It is a software prototype designed to provide a selection of tools that an analyst may use in order to examine structural aspects of a Windows Portable Executable (PE) file, with the goal of determining whether malicious code has been inserted into an application after compilation. These tools rely on structural features of executables that are likely to indicate the presence of inserted malicious code. The underlying premise is that typical application Programs are compiled into one binary, homogeneous from beginning to end with respect to certain structural features; any disruption of this homogeneity is a strong indicator that the binary has been tampered with. For example, it could now harbor a virus or a Trojan Horse Program. We present our investigation into structural feature analysis, the development of these ideas into the PEAT prototype, and results that illustrate PEAT's practical effectiveness.
-
A toolkit for detecting and analyzing malicious software
18th Annual Computer Security Applications Conference 2002. Proceedings., 2002Co-Authors: M. Weber, M. Schmid, M. Schatz, D. GeyerAbstract:We present PEAT: the Portable Executable Analysis Toolkit. It is a software prototype designed to provide a selection of tools that an analyst may use in order to examine structural aspects of a Windows Portable Executable (PE) file, with the goal of determining whether malicious code has been inserted into an application after compilation. These tools rely on structural features of executables that are likely to indicate the presence of inserted malicious code. The underlying premise is that typical application Programs are compiled into one binary, homogeneous from beginning to end with respect to certain structural features; any disruption of this homogeneity is a strong indicator that the binary has been tampered with. For example, it could now harbor a virus or a Trojan Horse Program. We present our investigation into structural feature analysis, the development of these ideas into the PEAT prototype, and results that illustrate PEAT's practical effectiveness.
Peng Ying-chun - One of the best experts on this subject based on the ideXlab platform.
-
Research on the concealing technology of Trojan Horse based on DLL
Information Technology, 2020Co-Authors: Peng Ying-chunAbstract:Concealing technology is important to designer of Trojan Horses all through.Based on the study of the existing concealing technology of Trojan Horses,a new scheme is presented to realize the injection of Trojan Horse by combining the technology of dynamic linking library with the remote thread injection.The idea of replacing traditional Trojan Horse Program with DLL and the notion of injection of DLL by use of remote thread are proposed.It is rather safe and flexible to inject Trojan Horse by adopting this scheme.
