Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Shadowserver Binary Whitelisting Service - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Shadowserver Binary Whitelisting Service

The Shadowserver Foundation has made available a new and free public service to test the MD5's or SHA1's of binaries to see if they are already a know set of software. The initial service is based on the lists from NIST but over time they plan to add other sources. The service is offered via HTTP and the responses via a JSON object.

The service can be accessed here.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Guy

425 Posts
ISC Handler
I wonder if they could find benefit exchanging data with Virustotal.com or similar; by this point I'd imagine their catalogue of hashes for both good and bad files.
Anonymous
...are extensive.

I was imagining the catalogue would be extensive.
Anonymous
Russ, maybe I should have added that ISC offers a similar service isc.sans.edu/tools/…
Guy

425 Posts
ISC Handler
Any idea if they have manually stripped out the malicious files that are in the NSRL? Or has NIST started excluding non-known-good files in the NSRL?
Guy
1 Posts
For now, the list form NIST should only contain the known good files.
Guy

425 Posts
ISC Handler
The NIST database does include tools like nmap and nessus that may be considered hacker tools. It also only includes software distributed as CDs/DVDs which means that it doesn't cover patch levels if they are only distributed online.

We did extend our ISC database by some patch levels but need to add more.
Johannes

3322 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!