I think that the test cases included with packages might have the advantage of being able to obfuscate URLs or other strings as benign test dummy data.
This would be especially easy by using the technique called string sampling that the author mentions. I could choose a "Lorem ipsum" like text for use as dummy data, but ensure that the first letter of every word, when combined, forms the domain name of a server that will be used to download a second malicious payload.
This would be especially easy by using the technique called string sampling that the author mentions. I could choose a "Lorem ipsum" like text for use as dummy data, but ensure that the first letter of every word, when combined, forms the domain name of a server that will be used to download a second malicious payload.