ssdeep hashing

philosnef · August 11, 2016, 11:55am

Is there anything out there Bro wise that can do ssdeep hashing? Thanks.

David_Hoelzer · August 11, 2016, 12:30pm

Sounds like an interesting plugin to write.

Mark_Buchanan · August 11, 2016, 1:02pm

Sounds like an interesting plugin to write.

Vlad_Grigorescu3 · August 16, 2016, 1:30pm

Yes and no.

There's a way to do this in C++, but there's no script framework for
it. The main reason is performance -- this is really something that
needs to happen in the core (that is, in C++) as opposed to in a script.

Relevant examples would be:

https://github.com/bro/bro/blob/master/src/OpaqueVal.cc
https://github.com/bro/bro/blob/master/src/file_analysis/analyzer/hash/Hash.h

--Vlad

Mark Buchanan <mabuchan@gmail.com> writes:

Topic		Replies	Views
Devastating DoS attack on Bro via Algorithmic Complexity Attacks Zeek	1	62	May 6, 2022
Reading encrypted pcap with Bro Zeek	6	126	May 6, 2022
IOCs data for hashes. Zeek	1	89	May 6, 2022
Off-line analysis Zeek	1	72	May 6, 2022
SHA256 Hash File Analyzer Zeek	6	158	May 6, 2022

ssdeep hashing

Related topics