Video yükleniyor...
Video Yüklenemedi
Using hashes to find Linux malware is a waste of time. Unfortunately, it's still common to recommend doing it. In this video I'll show you how to trivially change a Linux binary to evade detection using cryptographic hashes with this elite command: echo -ne '\x0'
29,640 görüntüleme • 2 yıl önce •via X (Twitter)
4 Yorum

Jaded Yuki2 yıl önce
Use the fuzz! You can use the hashes on reports to show what you looked at. Fuzzy matching, string comparisons, good yara rules, all better options 👩🏽💻

Craig Rowland - Agentless Linux Security2 yıl önce
Sadly, fuzzy hashes are slow/resource intensive doing it across many files.

DJSnackcakes2 yıl önce
So outside of the coventional hashing and procedural hashing checks, what would be a better menthod? I get sandboxing malware can be effective but won't that give it a chance to escape the enviroment?

Craig Rowland - Agentless Linux Security2 yıl önce
@WhitfieldsDad Basically they will only work for low-hanging fruit. I think heuristics of malware activity work best.
