Video yükleniyor...

Video Yüklenemedi

Ana Sayfaya Dön

Using hashes to find Linux malware is a waste of time. Unfortunately, it's still common to recommend doing it. In this video I'll show you how to trivially change a Linux binary to evade detection using cryptographic hashes with this elite command: echo -ne '\x0'

29,640 görüntüleme • 2 yıl önce •via X (Twitter)

4 Yorum

Jaded Yuki profil fotoğrafı
Jaded Yuki2 yıl önce

Use the fuzz! You can use the hashes on reports to show what you looked at. Fuzzy matching, string comparisons, good yara rules, all better options 👩🏽‍💻

Craig Rowland - Agentless Linux Security profil fotoğrafı
Craig Rowland - Agentless Linux Security2 yıl önce

Sadly, fuzzy hashes are slow/resource intensive doing it across many files.

DJSnackcakes profil fotoğrafı
DJSnackcakes2 yıl önce

So outside of the coventional hashing and procedural hashing checks, what would be a better menthod? I get sandboxing malware can be effective but won't that give it a chance to escape the enviroment?

Craig Rowland - Agentless Linux Security profil fotoğrafı
Craig Rowland - Agentless Linux Security2 yıl önce

@WhitfieldsDad Basically they will only work for low-hanging fruit. I think heuristics of malware activity work best.

Benzer Videolar