Tuesday, February 16, 2010

Find a Hash: SANS Prototype

Today I found very interesting this new SANS service (still in beta testing).
This service is very similar to Offensive computing one (available here). Probably it should be interesting to see both databases together in one unique service.




This page will search your for a hash in the NIST National Software reference Library for files matching your hash. The NSRL is a collection of hashes of "known" software. If you find a random file on your system, and are not sure if it is part of some software you installed, enter the hash here and see if we find it. The NSRL database may contain software that is considered "bad" in some environments. For example games and steganography software is included, as well as security software like nessus and nmap that is sometimes classified as a "hacking tool". Which software is appropriate for a given environment is a matter of policy.We are using version 2.27 (December 2009). You can search for SHA1 or MD5 hashes. There are no Windows 7 hashes yet. NIST offers a Knoppix bootable CD that can be used to collect hashes. We are interested in adding more sources of hashes and would be interested in your hash collection if you have one to offer. Note: The NIST NSRL database only includes hashes of files from original install media. Currently, no patched versions are included. As a result, your hash may differ if that particular file was patched after the original release.In addition to the NIST database, we also run a test agains the Team Cymru Hash Registry. It covers malware. If a match is found we will post a link to the respective page at Threatexpert.com (only for MD5 hashes right now).

2 comments:

Anonymous said...

You have to express more your opinion to attract more readers, because just a video or plain text without any personal approach is not that valuable. But it is just form my point of view

Anonymous said...

I am reading this article second time today, you have to be more careful with content leakers. If I will fount it again I will send you a link