首页| JavaScript| HTML/CSS| Matlab| PHP| Python| Java| C/C++/VC++| C#| ASP| 其他|
购买积分 购买会员 激活码充值

您现在的位置是:虫虫源码 > 其他 > 窃用Windows可执行文件脱丝(流网为EXE)

窃用Windows可执行文件脱丝(流网为EXE)

资 源 简 介

execap is an information security tool for capturing Windows executables as they are transmitted or received. This is somewhat inspired by Driftnet which captures images in transmission. The goal is to be able to run execap in a similar manner as an IDS/IPS to monitor and discover malware being transmitted or loaded onto client machines. execap is written to be much faster than similar code such as Driftnet. On a modern CPU it can easily keep up at 1 Gbps. For example, execap was run for ~60 days on a 10 Gbps link that averages ~1 Gbps and during the day often bursts to 6+ Gbps. execap processed 550 TB of network traffic and extracted 300,000 executables with a packet loss of 0.00062 (0.062%). Minor tweaks and improvements can (and will) be made to further improve performance and reduce packet loss.

文 件 列 表

execap-0.8
NEWS
misc
depcomp
LICENSE
aclocal.m4
README
configure
findexe.c
configure.ac
install-sh
missing
Makefile.am
Makefile.in
config.h.in
pavl.c
pavl.h
AUTHORS
INSTALL
execap.1
execap.c
execap.h
ChangeLog
COPYING

相 关 资 源

您 可 能 感 兴 趣 的

同 类 别 推 荐

VIP VIP