[Bro] ssdeep hashing
Vlad Grigorescu
vladg at illinois.edu
Tue Aug 16 06:30:45 PDT 2016
Yes and no. :-)
There's a way to do this in C++, but there's no script framework for
it. The main reason is performance -- this is really something that
needs to happen in the core (that is, in C++) as opposed to in a script.
Relevant examples would be:
https://github.com/bro/bro/blob/master/src/OpaqueVal.cc
https://github.com/bro/bro/blob/master/src/file_analysis/analyzer/hash/Hash.h
--Vlad
Mark Buchanan <mabuchan at gmail.com> writes:
> I'm curious (and will admit, I haven't checked source), but is there a framework for handling hashing/file analysis, to allow for extensibility/experimentation with different mechanisms? Or is all the current hashing "hard coded"? Is this something that Bro threads, so it scales better?
>
> --
> Mark Buchanan
>
>> On Aug 11, 2016, at 07:30, David Hoelzer <dhoelzer at enclaveforensics.com> wrote:
>>
>> Sounds like an interesting plugin to write.
>>
>> From: [mailto:bro-bounces at bro.org] On Behalf Of philosnef
>> Sent: Thursday, August 11, 2016 7:56 AM
>> To: bro at bro.org
>> Subject: [Bro] ssdeep hashing
>>
>> Is there anything out there Bro wise that can do ssdeep hashing? Thanks.
>>
>> _______________________________________________
>>
>> Bro mailing list
>>
>> bro at bro-ids.org
>>
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro