Potential Goals and milestones #49
Comments
I have other ideas too, like setting up a
So that one will be able to compare malware, download and/or upload reports, etc. I have a server, so I could host it myself.
I think that would be a very valid use case. Most analysis needs to stay local, but having that DB resource for intelligence is very useful. I have not seen many great solutions. Would this be a username/password setup where people request access? Or your analysis gets a generated ID number and you can use that ID # with command options: share publicly, share with certain users, delete the report.
As of now, my plans are these:
Users will sign up freely and will have unmetered scan requests; this could change over time based on load, and in that case I could limit the number of requests per specific time range so as not to overload the server and to give everyone a stable service. Passwords and usernames will be protected with salt, pepper, With "full control of sharing policy" I mean, but it's not limited to:
For example: a registered user could choose to upload a sample as anonymous, not store the sample, but share the report. I'm wide open to every suggestion.
@pielco11 I downloaded your fork and found it pretty helpful. I would like to see the same output in ssma when you use the document flag. I am looking into a detailed display for the matching strings in yara signatures; apparently such a thing is possible in the yara python library. If anyone has done this before, please let me know.
@Evan-Sa quicksand_lite is written in C, so it might not be so easy to play with. Maybe use the compiled version and parse the output from quicksand into ssma. Plus, quicksand drops embedded exes and objects; these dropped elements could also be analyzed with ssma for a deeper and more complete scan, imho. The best thing to do would be to create a Python lib for quicksand, but this would require a lot of time and more than basic knowledge.
Guys, you are doing a great job, but I'm sorry, I don't have time to help :(
I have a short list of ideas for 2018 that I was interested in for ssma development. I wanted to hear some feedback on these ideas before going forward.
Create an option that prints detailed yara results that show what strings hit on the sample
Display macro offsets in the same way that oledump or oletools does
Develop a detailed display option that dumps PE and PE sections info in the same way manalyze or Pecheck does (header, sections, etc...)
Develop a framework for static analysis
Create an output to CSV or PDF report option
Write a simple cheat sheet; the commands are a little confusing (I've had feedback where people didn't realize you needed a period to do the directory scan or couldn't get the virus total option to work; embarrassingly, I still don't know how to use that feature).
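
The detailed yara string display asked about in this thread, as an added example (not part of the original issue and not SSMA's code). It assumes yara-python is installed; `string_hits`, `format_hit`, `scan_bytes` and the demo rule are hypothetical names, and the helper accepts both shapes of `match.strings` (tuples before yara-python 4.3, `StringMatch` objects from 4.3 on).

```python
from collections import namedtuple

# Constructed sample rule and buffer, used only by the demo at the bottom.
DEMO_RULE = r'''
rule demo_suspicious_strings {
    strings:
        $ps  = "powershell" nocase
        $url = /https?:\/\/[a-z0-9.]+/
    condition:
        any of them
}
'''
DEMO_DATA = b"run PowerShell, then fetch http://example.invalid/a"

Hit = namedtuple("Hit", "rule identifier offset data")


def string_hits(match):
    """Flatten one yara Match into Hit rows, whichever API shape it has."""
    hits = []
    for s in match.strings:
        if hasattr(s, "instances"):   # yara-python >= 4.3: StringMatch objects
            for inst in s.instances:
                hits.append(Hit(match.rule, s.identifier,
                                inst.offset, inst.matched_data))
        else:                         # older releases: (offset, identifier, data)
            offset, identifier, data = s
            hits.append(Hit(match.rule, identifier, offset, data))
    return sorted(hits, key=lambda h: (h.offset, h.identifier))


def format_hit(hit, width=32):
    """One report line: rule, string id, hex offset, printable preview."""
    preview = hit.data[:width].decode("latin-1")
    preview = "".join(c if 32 <= ord(c) < 127 else "." for c in preview)
    return f"{hit.rule}  {hit.identifier:<6} 0x{hit.offset:08x}  {preview}"


def scan_bytes(rule_source, data):
    """Compile rule_source and return formatted lines for every string hit."""
    import yara  # imported lazily so the helpers above work without it
    rules = yara.compile(source=rule_source)
    return [format_hit(h) for m in rules.match(data=data) for h in string_hits(m)]


if __name__ == "__main__":
    print("\n".join(scan_bytes(DEMO_RULE, DEMO_DATA)))
```

The preview is cut to `width` bytes and non-printable bytes are shown as dots, so raw sample content cannot inject control characters into a terminal or report.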