SalSA icon indicating copy to clipboard operation
SalSA copied to clipboard

Published 20 hours ago verified publisher icon deptofdefense

Metadata

Salvaging Static Analysis

Results 8 SalSA issues
Sort by recently updated
recently updated
newest added

Solidify PE class

Add support for `__str__`, `__repr__` and static class methods. Basically make this class more "pythonic"

a-rey avatar a-rey

enhancement

Better exception handling

need to define custom exception for PE class instead of just catching all exceptions.

a-rey avatar a-rey

enhancement

Unit Tests

Need to add unit test functionality.

a-rey avatar a-rey

enhancement

Timestamp filed doesn't always hold time stamp of the image. It could hold a hash value.

1 comment

According to Microsoft the timestamp fields in the PE header could contain a hash instead of the actual build timestamp: https://msdn.microsoft.com/en-us/library/windows/desktop/ms680547(v=vs.85).aspx#debug_type

alexandrw avatar alexandrw

Check resource tree in executable

Resource tree walk to check for Microsoft spec compliance and interesting types/values. This will be a complex rule. Need some industry white-papers/research on this subject to give more guidance.

a-rey avatar a-rey

enhancement

Check for header tampering

Check each header for invalid values (detect tampering). This won't be easy and will probably require a rule per each unique header...

a-rey avatar a-rey

enhancement

Add rule to check for invalid data directory RVAs

Check for invalid data directory entries (not in a valid section) and alert on them.

a-rey avatar a-rey

enhancement

Add certificate validation

Need to add validation of certificates to `pe.py` functionality. Allows for rules to examine the signatures embedded inside the executable.

a-rey avatar a-rey

enhancement

Metadata

85
Stars
18
Forks
Watchers

Owner

verified publisher icon deptofdefense

Metadata

Salvaging Static Analysis

Back