Many updates to hashlookup online service including new source feeds and all latest NSRL RDS are imported.
available via @circl https://hashlookup.circl.lu/
I published a new blog post - Improve Your Forensic Analyses with hashlookup
For several decades, forensic analyses in cybersecurity have relied on known software hash sources. These sources are not numerous. Most investigators and security researchers use sources like the National Software Reference Library (NSRL) and its Reference Data Set (RDS) to distinguish known files from unknown ones. For several years at CIRCL, it became evident that we were finding it increasingly difficult to sort files using hash databases like NSRL during investigations on compromised systems....
https://www.foo.be/2024/09/Improve_Your_Forensic_Analyses_with_hashlookup
#dfir #forensics #digitalforensics #infosec #opensource #hashlookup #incident #incidentresponse
The article was originally published in French two years ago; it's now translated and updated with some recent changes in hashlookup.
Thanks to @gallypette for the insightful collaboration on the project.
Major updates to hashlookup with the latest CDNJS, snap files and the NSRL RDS from December 2023.
All is accessible via the public API.
Doc: https://www.circl.lu/services/hashlookup/
API: https://hashlookup.circl.lu/
hashlookup-forensic-analyser version 1.3 has been released - including Bloom filter improvements and bugs fixed. You can now specify the hash algorithm used for the Bloom filter sets.
#hashlookup #dfir #forensics #forensic #infosec
hashlookup-forensic-analyser analyses a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service.
Source code - https://github.com/hashlookup/hashlookup-forensic-analyser
Release notes - https://github.com/hashlookup/hashlookup-forensic-analyser/releases/tag/v1.3
In 2021, we introduced hashlookup to provide a complete set of open source tools and open standards to look up hash values against a known database of files. Hashlookup helps to improve and speed up Digital Forensic and Incident Response (DFIR) by providing a readily accessible list of known files metadata published. CIRCL provides a freely accessible API.
Today, we added many more sources including all the default Windows 10 and 11 including many localized versions.
Many tools now include hashlookup by default including MISP Project, LookyLoo, Pandora analysis, Palo Alto Networks XSOAR, TheHive Project, Munin and many more.
https://www.circl.lu/services/hashlookup/
https://hashlookup.io/
API: https://hashlookup.circl.lu/
#dfir #opensource #hashlookup #cybersecurity #infosec #threatintelligence
Need a quick way to check a hash against a huge database?
I've written a small but flexible Go CLI tool to query the HashMob API.
It's actually pretty damn handy if I do say so myself.
If you find it useful, stars and boosts are much appreciated ❤️
https://github.com/n0kovo/gohashmob
(just starting to learn Go, don't judge my probably horrible code 🥹)
#hacking #infosec #tools #osint #passwordcracking #passwords #passwordsecurity #hashcracking #hashlookup #hashmob #md5 #sha1 #bcrypt #pentesting #bugbounty #redteam
Great news! The @misp and the @hashlookup integration is now merged in @TimesketchProj
Thanks to all who helped to make this happen. (David, Thomas, Alexander, Johan, Joachim)
https://github.com/google/timesketch/pull/2429
More documentation and use-cases will be shown in the next weeks.
#DFIR #opensource #misp #timesketch #hashlookup #threatintel #threathunting