Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Shadowserver Binary Whitelisting Service - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Shadowserver Binary Whitelisting Service

The Shadowserver Foundation has made available a new and free public service to test the MD5's or SHA1's of binaries to see if they are already a know set of software. The initial service is based on the lists from NIST but over time they plan to add other sources. The service is offered via HTTP and the responses via a JSON object.

The service can be accessed here.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Guy

418 Posts
ISC Handler
I wonder if they could find benefit exchanging data with Virustotal.com or similar; by this point I'd imagine their catalogue of hashes for both good and bad files.
Anonymous
Posts
...are extensive.

I was imagining the catalogue would be extensive.
Anonymous
Posts
Russ, maybe I should have added that ISC offers a similar service isc.sans.edu/tools/…
Guy

418 Posts Posts
ISC Handler
Any idea if they have manually stripped out the malicious files that are in the NSRL? Or has NIST started excluding non-known-good files in the NSRL?
Anonymous
Posts
For now, the list form NIST should only contain the known good files.
Guy

418 Posts Posts
ISC Handler
The NIST database does include tools like nmap and nessus that may be considered hacker tools. It also only includes software distributed as CDs/DVDs which means that it doesn't cover patch levels if they are only distributed online.

We did extend our ISC database by some patch levels but need to add more.
Johannes

3221 Posts Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!