Update DeepWhite.md

This commit is contained in:
Eric Conrad
2017-09-07 16:25:09 -04:00
committed by GitHub
parent 7b8aa13f41
commit 37b7224646


@ -32,9 +32,10 @@ hashdeep.exe -r / -c md5,sha1,sha56 > raw-hashes.csv
Note that hashdeep, etc., has a dumb recursive design (from the manpage): Note that hashdeep, etc., has a dumb recursive design (from the manpage):
> Enables recursive mode. All subdirectories are traversed. Please note that recursive mode cannot be used to examine all files of a given file extension. For example, calling hashdeep -r *.txt will examine all files in directories that end in .txt. Move file to Unix/Linux, remove Windows carriage returns, grab EXEs and DLLs, make CSV. > Enables recursive mode. All subdirectories are traversed. Please note that recursive mode cannot be used to examine all files of a given file extension. For example, calling hashdeep -r *.txt will examine all files in directories that end in .txt. Move file to Unix/Linux, remove Windows carriage returns, grab EXEs and DLLs, make CSV.
:
On Linux/Unix: take the raw CSV, remove the carriage returns, select DLLs, EXEs and SYS files, grab the 2nd field to the end, and create a new whitelist:
``` ```
cat raw-hashes.csv | tr -d '\r' | egrep "\.dll$|\.exe$" | cut -d, -f2- > win10-x64.csv cat raw-hashes.csv | tr -d '\r' | egrep "\.dll$|\.exe$|\.sys" | cut -d, -f2- > file-whitelist.csv
``` ```
Add this entry to the first line of the file (only sha256 and path are currently needed) Add this entry to the first line of the file (only sha256 and path are currently needed)
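Review bot: In the new egrep pattern the `\.sys` alternative is missing the `$` anchor that `\.dll$` and `\.exe$` carry, so it selects any line whose path contains ".sys" anywhere rather than only files ending in .sys, and those extra entries end up in file-whitelist.csv. Suggest `egrep "\.dll$|\.exe$|\.sys$"`. The match is also case-sensitive, so a file with an upper-case extension such as .DLL or .EXE would be left out of the whitelist unless `-i` is added. Separately, the hashdeep command shown in the hunk header requests `sha56`, which looks like a typo for sha256, the hash the last line of this hunk says is needed.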