
Clarify references to case studies in readme #2437

Open
Greatz08 opened this issue Oct 3, 2024 · 2 comments

Comments


Greatz08 commented Oct 3, 2024

In the above sample output, we run capa against an unknown binary (suspicious.exe), and the tool reports that the program can send HTTP requests,

Instead of this, you could mention properly, with due respect, that you have used an open source project that is a malware-analysis kind of tool, describe what it runs, and showcase how capa can detect all of those things as an example. This way people will not have a wrong image of the al-khaser project, which is important because it also deserves equal respect as an open source project that is unique and well maintained, instead of being shown as an "unknown suspicious binary". Plus, they can read the al-khaser code (https://github.com/LordNoteworthy/al-khaser) and understand how it works and what it does, and how capa can detect all those things successfully from the exe file, so all together this would give the best open picture to all users.
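The readme sentence quoted in this comment describes capa's output without showing how a capability such as "send HTTP requests" is derived. The following is an added illustration, not capa's own engine, rule syntax or code: it models a capa-style rule as a nested and/or/not tree over features (API names and strings) extracted from a binary, and matches a constructed feature set against a handful of hand-written rules. The feature set, the rule names and the API lists are assumptions for the example; real capa rules live in the capa-rules repository and the real engine extracts features from disassembly, not from a hard-coded set.

```python
"""Toy capa-style capability matcher (added illustration, not capa's code)."""

# Constructed sample: features one might extract from a Windows PE's import
# table and string table. These values are assumed for illustration only.
SAMPLE_FEATURES = {
    "api": {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile",
            "IsDebuggerPresent", "GetTickCount", "CreateFileW"},
    "string": {"Mozilla/5.0", "http://example.invalid/update"},
}

# Hand-written rules modelled loosely on capa's nested boolean logic. Each
# rule names a capability and a feature tree; the rule matches when the
# tree evaluates true against the extracted features.
RULES = [
    {"name": "send HTTP request",
     "features": {"or": [
         {"and": [{"api": "InternetOpenA"}, {"api": "InternetOpenUrlA"}]},
         {"api": "WinHttpSendRequest"},
         {"api": "HttpSendRequestA"},
     ]}},
    {"name": "check for debugger via IsDebuggerPresent",
     "features": {"api": "IsDebuggerPresent"}},
    # Near miss: CreateFileW is present but ReadFile is not, so no match.
    {"name": "read file on Windows",
     "features": {"and": [{"api": "CreateFileW"}, {"api": "ReadFile"}]}},
    # Negation: flags samples that reach the network without a User-Agent.
    {"name": "HTTP without User-Agent string",
     "features": {"and": [{"api": "InternetOpenA"},
                          {"not": {"string": "Mozilla/5.0"}}]}},
]


def evaluate(node, features):
    """Recursively evaluate one rule node against the feature set."""
    if "or" in node:
        return any(evaluate(child, features) for child in node["or"])
    if "and" in node:
        return all(evaluate(child, features) for child in node["and"])
    if "not" in node:
        return not evaluate(node["not"], features)
    # Leaf node: {"api": "X"} or {"string": "X"}; true if X was extracted.
    (kind, value), = node.items()
    return value in features.get(kind, set())


def match_capabilities(rules, features):
    """Return the names of all rules whose feature tree matches."""
    return [rule["name"] for rule in rules if evaluate(rule["features"], features)]


if __name__ == "__main__":
    for capability in match_capabilities(RULES, SAMPLE_FEATURES):
        print(capability)
```

Running the block prints "send HTTP request" and "check for debugger via IsDebuggerPresent"; the two remaining rules fail because ReadFile is absent and because the User-Agent string is present. This is the same shape of reasoning the readme is pointing at: capa says what a binary can do by matching rules against features it pulls out of the file, whether the file is malware or a benign test suite like al-khaser.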

@williballenthin
Collaborator

Hey @Greatz08

Thanks for raising this concern about our intro. I appreciate the request to recognize open source software, including Al-Khaser - a tool that has definitely influenced capa!

First, let's continue this thread of discussion, because it's important to get right fully and consistently.

With that said, the wording of our intro is ambiguous, and our reference to suspicious.exe does not refer to the Al-Khaser binary. The screenshot of Al-Khaser was added very recently and is independent of the case study around suspicious.exe (which I think is actually Wannacry). When we added the screenshot, we didn't update the wording, so when we say "In the above sample output..." we mean way above not "immediately above" which is certainly confusing.

I think we should update our wording to make the examples and their sources more clear. We can open a PR for that. What else do you think we can do?

@williballenthin williballenthin changed the title [SUGGESTION] It would be better to describe the file you used in example section because it is pretty good open source project for malware analysis Clarify references to case studies in readme Oct 3, 2024

Greatz08 commented Oct 4, 2024

@williballenthin OK, now I get it. Thanks for explaining things from your side. In my opinion, explaining a little bit about the al-khaser project so that people can easily understand what it is, and referencing the al-khaser GitHub page, will be enough, as people who are interested will study further how it works and can easily relate how capa works to detect all those things. This much will be enough in my opinion.
BUT in case you/the team want to explain much more about capa's capabilities and want to showcase it in a video or in easier docs, then you can use the al-khaser project to do that easily.

For me personally, both capa and al-khaser are pretty awesome projects, and I could relate, as I did know about al-khaser before knowing about capa, but I am sure most won't know about it and might think the al-khaser project is a virus. So educating them is also our responsibility, and that is one more reason for me to ask you to explain the al-khaser project when showcasing, so that more people can understand and relate things easily without having to take the risk of finding and running an actual suspicious file/virus to test capa :-))
