BAM
The Binary Analysis Metadata tool gathers information about Windows binaries to aid in their analysis. #nsacyber
SPDX (solely for uniformity and interoperability across supply chain risk management solutions) should be an output format of BAM. There may be better tooling around the binary analysis of all...
Currently, BAM! only finds dependencies missing during execution and records this error in the log file. These requirements should be performed when BAM! starts execution.
While BAM's core logic is meant to be run in the background, interaction with BAM's API and post analytic capabilities would likely prove to be a great boon for BAM....
Per https://docs.microsoft.com/en-us/windows/deployment/update/psfxwhitepaper, Windows updates use "forward and reverse differentials"; this changes how BAM! handles updates going forward. Handle old and new Windows updates.
Retrieve signature information for PE files. Need to handle embedded signatures and files that are catalog signed. Some random links:
* http://www.exploit-monday.com/2017/08/application-of-authenticode-signatures.html
* https://blog.didierstevens.com/2008/01/11/the-case-of-the-missing-digital-signatures-tab/
* https://stackoverflow.com/questions/16818281/how-does-windows-link-a-pe-file-to-its-signature-in-a-catalog-file
* https://blog.didierstevens.com/programs/disitool/
* https://blog.didierstevens.com/programs/authenticode-tools/...
BAM! is creating a "sym" directory within tools\x64 and storing some downloaded pdb files in the directory. All downloaded files should be stored in the location specified by the user...
Right now, BAM almost completely operates in kernel mode since current operations involve networking and file reads and writes. It would behoove the longevity of BAM if BAM can operate...