Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Read of the Week: A Fuzzy Future in Malware Research SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Read of the Week: A Fuzzy Future in Malware Research

The August 2013 ISSA Journal includes an excellent read from Ken Dunham: A Fuzzy Future in Malware Research. Ken is a SANS veteran (GCFA Gold, GREM Gold, GCIH Gold, GSEC, GCIA) who spends a good bit of his time researching, writing and presenting on malware-related topics.

From Ken's abstract:

"Traditional static analysis and identification measures for malware are changing, including the use of fuzzy hashes which offers a new way to find possible related malware samples on a computer or network. Fuzzy hashes were born out of anti-spam research and offer another avenue of promise for malware researchers and first responders. The focus of this article is on malware research and response."

No discussion on fuzzy hashes is complete without including SANS Instructor Jesse Kornblum's SSDEEP, as Ken does in depth. Consider it a requirement to familiarize (pg. 22) yourself with SSDEEP if conducting research of this kind interests you.

Enjoy this great read and happy fuzzy hashing!

Russ McRee | @holisticinfosec

Russ McRee

201 Posts
ISC Handler
Aug 22nd 2013
more on this:

Sign Up for Free or Log In to start participating in the conversation!