Security Study (20)

[malware] Packing and Entropy
2026. 5. 31.
1. Packing Overview
1.1. The Concept of Packing and Obfuscated Malware
Today I want to write up packing and entropy, one of the more interesting topics I have studied. First, the concept of packing needs to be explained. An understanding of Windows executables (PE files) is required, but rather than covering PE files in this post, it seems better to cover them separately, so this post skips them. So what is packing? It is a technique that wraps a file by compressing or encrypting the internal code of an executable (PE file). Put simply, the code is compressed or encrypted to make the executable harder to analyze. Malware authors use packing and obfuscation techniques to make a file harder to detect and analyze. Obfuscated ..

[SANS Forensic Contest Puzzle] #6: Ann’s Aurora
2025. 11. 28.
https://forensicscontest.com/2010/05/21/puzzle-6-anns-aurora
Puzzle #6: Ann’s Aurora – Network Forensics Puzzle Contest
Our latest puzzle was written by Sherri Davidoff, Eric Fulton and Jonathan Ham. Hi! Recently we were challenged by SANS Fellow Rob Lee (author of “Computer Forensics” 508) to create a puzzle based on an Advanced Persistent Threat (APT). We thought this
forensicscontest.com
Ann Dercover ..

[SANS Forensic Contest Puzzle] #5: Ms. Moneymany’s Mysterious Malware
2025. 11. 25.
https://forensicscontest.com/2010/04/01/ms-moneymanys-mysterious-malware
Puzzle #5: Ms. Moneymany’s Mysterious Malware – Network Forensics Puzzle Contest
Our latest forensics puzzle has a malware twist to it, and was written by Lenny Zeltser. Lenny teaches the reverse-engineering malware (REM) course at SANS Institute. The puzzle: It was a morning ritual. Ms. Moneymany sipped her coffee as she qu..

[SANS Forensic Contest Puzzle] #4: The Curious Mr. X
2025. 11. 18.
https://forensicscontest.com/2010/02/03/puzzle-4-the-curious-mr-x
Puzzle #4: The Curious Mr. X – Network Forensics Puzzle Contest
While a fugitive in Mexico, Mr. X remotely infiltrates the Arctic Nuclear Fusion Research Facility’s (ANFRF) lab subnet over the Interwebs. Virtually inside the facility (pivoting through a compromised system), he conducts some noisy network reconnaissan
forensicscontes..

[SANS Forensic Contest Puzzle] #3: Ann’s AppleTV
2025. 11. 14.
https://forensicscontest.com/2009/12/28/anns-appletv
Ann’s AppleTV – Network Forensics Puzzle Contest
Ann and Mr. X have set up their new base of operations. While waiting for the extradition paperwork to go through, you and your team of investigators covertly monitor her activity. Recently, Ann got a brand new AppleTV, and configured it with the static IP
forensicscontest.com
Ann and Mr. X, new base of operations..

[SANS Forensic Contest Puzzle] #2: Ann Skips Bail
2025. 11. 5.
https://forensicscontest.com/2009/10/10/puzzle-2-ann-skips-bail
Puzzle #2: Ann Skips Bail – Network Forensics Puzzle Contest
After being released on bail, Ann Dercover disappears! Fortunately, investigators were carefully monitoring her network activity before she skipped town. “We believe Ann may have communicated with her secret lover, Mr. X, before she left,” says the pol
forensicscontest.com
예 ..