Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"!

[Matt LeGrow <mlegrow () nfr com>]

H D Moore wrote:

> The heart of the Malicious Code Protector is a disassembler engine that 
> can examine network traffic and detect executable code (i.e., disassemble 
> binary data into machine assembly language). This ability to detect 
> executable code is related to the assumption that executable code is 
> normally not allowed to traverse a network, with the exception of a few 
> well known cases, such as an FTP transfer of an executable (*.exe) file.
>
> Malicious Code Protector monitors data streams and looks for a sequence 
> of data that the disassembler engine can translate into machine assembly 
> language. This indicates the possible existence of executable code 
> passing through a network. However, this alone is not sufficient when 
> trying to determine whether a certain data stream contains executable 
> code, let alone code of malicious nature. 
>  
Boy this sounds an awful lot like fnord.  Are they actually trying to 
patent a shellcode packet grepper?  Because if so, someone should bring 
the prior art hammer down on them.  Hard.

Matt LeGrow
NFR Rapid Response Team
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave