admin/APT_REPORT
1
0
Fork 0
mirror of https://github.com/blackorbird/APT_REPORT.git synced 2025-05-06 02:41:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
APT_REPORT/APT-hunting/fn_fuzzy/README.org
blackorbird 105c56463c 11
2019-04-08 15:46:31 +08:00

855 B
Raw Blame History

fn_fuzzy.py - IDAPython script for fast multiple binary diffing triage

Motivation

See the conference information or blog post (will be linked soon).

how to use

fn_fuzzy.py
IDAPython script to export/compare fuzzy hashes of the sample
cli_export.py
python wrapper script to export fuzzy hashes of multiple samples

The typical usage is to run cli_export.py to make a database for large idbs then compare on IDA by executing fn_fuzzy.py.

/admin/APT_REPORT/media/commit/105c56463c0e47d207005fab71a142fda1b6ddc6/APT-hunting/fn_fuzzy/img/fn_fuzzy.png

/admin/APT_REPORT/media/commit/105c56463c0e47d207005fab71a142fda1b6ddc6/APT-hunting/fn_fuzzy/img/res_summary.png

/admin/APT_REPORT/media/commit/105c56463c0e47d207005fab71a142fda1b6ddc6/APT-hunting/fn_fuzzy/img/res_funcs.png

supported IDB version

IDBs generated by IDA 6.9 or later due to SHA256 API

required python packages