I think that's 100% technically feasible, and useful in an operational context.
You would need something to extract semantic understanding of a module, something to carve it out, and something to carve it into.
This is precisely one use case for mcsema. E.g., identify the C2 module in a piece of malware, lift it out, patch it into your own code.
I'm sure you could stitch together a full program from found parts. Like, grab a webcam module from here, and a keylogger from there, etc
Replying to @dguido @matthew_d_green
Sure. But it's easier to write your own. Repurposing malware -- especially binaries in the field -- is way harder than writing from scratch.
Replying to @pwnallthethings @matthew_d_green
Not so sure. The military can't even hire enough operators, let alone developers. They could have experts design an automated system once.
Replying to @dguido @matthew_d_green
Automating malware repurposing sounds even harder than doing it once for a specific op. Not least because each piece of malware has its own protocol.
Writing implants is ~ easy. A first year CS undergrad can do it. I know maybe half a dozen folks who could credibly repurpose malware.
Replying to @pwnallthethings @matthew_d_green
Yeah but what if you want to create unique implants at scale? Or want measurable effects on attribution or signature avoidance?
Replying to @dguido @matthew_d_green
Buy 'em from defence contractors and startups. Cheaper and safer :)
My point is that I think you're wrong to endorse the view that DIA guy's idea is stupid and useless.