You would need something to extract semantic understanding of a module, something to carve it out, and something to carve it into.
This is precisely one use case for mcsema. Ex, identify the C2 module in a piece of malware, lift it out, patch it into your own code.
I'm sure you could stitch together a full program from found parts. Like, grab a webcam module from here, and a keylogger from there, etc
Replying to @dguido @matthew_d_green
Sure. But it's easier to write your own. Repurposing malware -- especially binaries in the field -- is way harder than writing from scratch.
Replying to @pwnallthethings @matthew_d_green
Not so sure. The military can't even hire enough operators let alone developers. They could have experts design an automated system once.
Replying to @dguido @matthew_d_green
Automating malware repurposing sounds even harder than doing it once for a specific op. Not least of which each malware has its own protocol
Writing implants is ~ easy. A first year CS undergrad can do it. I know maybe half a dozen folks who could credibly repurpose malware.
Replying to @pwnallthethings @matthew_d_green
Yeah but what if you want to create unique implants at scale? Or want measurable effects on attribution or signature avoidance?
If writing malware is so easy, why would you keep letting humans do it? Doesn't that qualify it for automated production?
Replying to @dguido @matthew_d_green
Because anything that is made at scale by a single process is attributable by that process.
Ok, I guess we'll keep dev'ing away at offensive tools by hand like cavemen forever.