View Full Version : Honeynet Forensic Challenge 8 - "Malware Reverse Engineering"


Sunk
May 12th, 2011, 18:01
If you haven't seen it already, you might want to check out The Honeynet Project's Challenge 8 (https://honeynet.org/node/668) on Reverse Engineering Malware. I'd be interested in seeing how you guys solve this.

Silkut
May 13th, 2011, 02:55
Hello,

Sure it's going to be interesting, but no one shall spoil it before the end of the official deadline (June 15th, 2011).

Thanks =)

Indy
May 13th, 2011, 08:42
Quote:
4. Describe the API hooking mechanism used by the sample (3 points)
5. What is the purpose of the HttpSendRequest hook? Detail how it works (6 points)
6. What is the purpose of the NtQueryDirectoryFile hook? Detail how it works (3 points)
7. What is the purpose of the NtVdmControl hook? Detail how it works (4 points)
8. What is the purpose of the InternetReadFile hook? Detail how it works (4 points)
9. What is the purpose of the InternetWriteFile hook? Detail how it works (4 points)

You do not have to look; obviously this is primitive patch code.