Which of the following can the researcher do to determine if the file is malicious in nature?

A security researcher wants to reverse engineer an executable file to determine if it is
malicious. The file was found on an underused server and appears to contain a zero-day
exploit. Which of the following can the researcher do to determine if the file is malicious in
nature?

A.
TCP/IP socket design review

B.
Executable code review

C.
OS Baseline comparison

D.
Software architecture review



James

Can someone please explain how an OS Baseline helps determine if it’s malicious? Or give an example?

Maybe I misunderstood the concept of baseline security, but I don’t see how it would help in this situation.

Joe

It’s not a very well worded question at all. I guess maybe you could baseline the infected system and compare that baseline to another, similar/same non-infected system?

I agree the concept of baselines is a stretch when talking about determining if an executable is malicious or not.

AJ

They would basically use the OS Baseline to compare to the server with the exploit. If the file on the potentially exploited server matches the file on the baseline, then it probably isn’t malicious. If it doesn’t match, then it is probably malicious.
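The comparison AJ describes is, in practice, a file-integrity diff: hash every file on a known-good build of the same OS image (the baseline), hash the same paths on the suspect server, and pull out whatever was added, modified or removed. The script below is an added example written for this thread, not code from the question's source or from any commenter. The baseline and the "server" directory are constructed in a temporary folder so it runs offline; a real baseline manifest would be recorded from a clean install and stored off-host.

```python
"""OS baseline comparison as a file-integrity check.

Added example, not from the original page or any commenter. The baseline
manifest and the sample filesystem below are constructed in a temporary
directory so the script runs offline; in practice the manifest would be
recorded from a known-good build of the same OS image and kept off-host.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Return the hex SHA-256 digest of a file, streamed in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Walk root and map each POSIX-style relative path to its SHA-256 digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_of(p)
    return manifest


def compare_to_baseline(baseline: dict, current: dict) -> dict:
    """Classify every path as unchanged, modified, added, or missing.

    'added' and 'modified' are the files a researcher would pull for
    reverse engineering; 'missing' can indicate tampering as well.
    """
    result = {"unchanged": [], "modified": [], "added": [], "missing": []}
    for path, digest in current.items():
        if path not in baseline:
            result["added"].append(path)
        elif baseline[path] != digest:
            result["modified"].append(path)
        else:
            result["unchanged"].append(path)
    for path in baseline:
        if path not in current:
            result["missing"].append(path)
    return result


def demo() -> dict:
    """Construct a baseline image and a drifted server copy, then diff them."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "baseline"
        srv = Path(tmp) / "server"
        # Constructed sample filesystem: both trees start identical.
        for root in (base, srv):
            (root / "bin").mkdir(parents=True)
            (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho listing\n")
            (root / "bin" / "cron").write_bytes(b"#!/bin/sh\necho cron\n")
        # Simulated drift on the server: one system binary altered, one new
        # unexplained executable, one expected file gone.
        (srv / "bin" / "cron").write_bytes(b"#!/bin/sh\necho cron\n# extra\n")
        (srv / "bin" / "unknown.bin").write_bytes(b"\x7fELF\x02\x01\x01")
        (srv / "bin" / "ls").unlink()
        return compare_to_baseline(build_manifest(base), build_manifest(srv))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Note that a hash match only tells you the file is the one the baseline shipped with; a file that is new or changed is a candidate for analysis, not proof of malice, which is why the "added" and "modified" buckets feed the executable code review rather than replace it.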

dave

What is zero day exploit?