admin/APT_REPORT
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

11

Browse Source
This commit is contained in:
blackorbird
2019-04-08 15:46:31 +08:00
parent 81a71cac01
commit 105c56463c
13 changed files with 1281 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
APT-hunting/fn_fuzzy/README.org Normal file
View File

@@ -0,0 +1,30 @@
#+OPTIONS: ^:{}
#+TITLE: fn_fuzzy.py - IDAPython script for fast multiple binary diffing triage
* Motivation
See the [[https://conference.hitb.org/hitbsecconf2019ams/sessions/fn_fuzzy-fast-multiple-binary-diffing-triage-with-ida/][conference information]] or blog post (will be linked soon).
* how to use
- fn_fuzzy.py :: IDAPython script to export/compare fuzzy hashes of the sample
- cli_export.py :: python wrapper script to export fuzzy hashes of multiple samples
The typical usage is to run cli_export.py to make a database for large idbs then compare on IDA by executing fn_fuzzy.py.
[[./img/fn_fuzzy.png]]
[[./img/res_summary.png]]
[[./img/res_funcs.png]]
* supported IDB version
IDBs generated by IDA 6.9 or later due to SHA256 API
* required python packages
- mmh3
- [[https://github.com/williballenthin/python-idb%0A][python-idb]]