Mastodawn

Joxean Koret (@matalaz)Aug 27, 2023

Today I realised that the oldest technology developed by me integrated into #Diaphora dates from 2009.

In case you are curious, it's #DeepToad, a Python library for doing fuzzy hashing. This simplistic library calculates a set of 3 different hashes using a configurable block size (in opposite to, say, ssdeep, that doesn't work for this).

https://github.com/joxeankoret/deeptoad

#FuzzyHashing
#DeepToad
#Diaphora
#BinDiffing
#ProgramDiffing
#BCSA

GitHub - joxeankoret/deeptoad: DeepToad is a library and a tool to clusterize similar files using fuzzy hashing

DeepToad is a library and a tool to clusterize similar files using fuzzy hashing - GitHub - joxeankoret/deeptoad: DeepToad is a library and a tool to clusterize similar files using fuzzy hashing

GitHub

Joxean Koret (@matalaz)Jul 12, 2023

I know nobody gives a fuck, but this is my next research topic for this year: Finding #bugs & #vulnerabilities by #diffing binaries against sources. It sounds much harder than it actually is.

#ProgramDiffing #VulnDev #VulnResearch #VulnerabilityDevelopment #VulnerabilityResearch #ReverseEngineering
#Compilers #CompilerOptimizations #CompilersBugs #Miscompilations

Joxean Koret (@matalaz)Jul 2, 2023

Dear everyone in the academia using "Machine Learning" for Binary Code Similarity Analysis (ie, bindiffing): AI is bad for anything that requires exact results. It will generate a huge amount of false positives mixed with a varying degree of similar results and is pretty hard to understand its output.

#bindiffing #BinaryDiffing #ProgramDiffing #MachineLearning #BCSA #ArtificialIntelligence