Update DeepWhite.md

Eric Conrad
2017-09-07 19:30:12 -04:00
committed by GitHub
parent b8059a00f0
commit 7914291c98

@ -27,7 +27,7 @@ Install hashdeep: https://github.com/jessek/hashdeep/releases
Generate your own whitelist on Windows: Generate your own whitelist on Windows:
``` ```
hashdeep.exe -r / -c md5,sha1,sha56 > raw-hashes.csv C:\> hashdeep.exe -r / -c md5,sha1,sha56 > raw-hashes.csv
``` ```
Note that hashdeep, etc., has a dumb recursive design (from the manpage): Note that hashdeep, etc., has a dumb recursive design (from the manpage):
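Review bot: The algorithm list on the changed hashdeep line still reads `-c md5,sha1,sha56`, while the whitelist header written further down is `md5,sha1,sha256,path`, so `sha56` looks like a typo for `sha256`. Since this line is being touched anyway, fix it in the same commit; otherwise anyone following the README either gets an error from hashdeep or ends up with a CSV whose columns do not match the header. Separately, putting the `C:\>` prompt inside the fenced block means the line can no longer be pasted as-is; consider keeping the prompt out of the fence, or stating in the surrounding text that it is a prompt.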
@ -35,7 +35,7 @@ Note that hashdeep, etc., has a dumb recursive design (from the manpage):
On Linux/Unix: take the raw CSV, remove the carriage returns, select DLLs, EXEs and SYS files, grab the 2nd field to the end, and create a new whitelist: On Linux/Unix: take the raw CSV, remove the carriage returns, select DLLs, EXEs and SYS files, grab the 2nd field to the end, and create a new whitelist:
```shell ```shell
echo "md5,sha1,sha256,path" > file-whitelist.csv $ echo "md5,sha1,sha256,path" > file-whitelist.csv
cat raw-hashes.csv | tr -d '\r' | egrep "\.dll$|\.exe$|\.sys$" | cut -d, -f2- >> file-whitelist.csv $ cat raw-hashes.csv | tr -d '\r' | egrep "\.dll$|\.exe$|\.sys$" | cut -d, -f2- >> file-whitelist.csv
``` ```
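Review bot: The `$ ` prefix added to both lines of the `shell` block means the commands no longer run when copied verbatim, and the second one contains a redirect into `file-whitelist.csv`, so a partial paste can leave a header-only whitelist. I would drop the prompts, or keep them and say so in the text above. On the same changed line, `egrep "\.dll$|\.exe$|\.sys$"` is case-sensitive, so paths ending in `.DLL`, `.EXE` or `.SYS` from the Windows scan are silently left out of the whitelist; a case-insensitive match (`grep -Ei`) would close that gap.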