hashlookup/hashlookup-forensic-analyser

Add option to list files that have a known hash, but for which the filename doesn't match any of the known filenames for that hash

Wachizungu opened this issue · 0 comments

Some attack techniques replace a 'known' file by another 'known' file, allowing them to exploit some processing flow that triggers the binary at the target location.

This kind of scenario could be detected with this proposed new functionality.
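A sketch of the check this issue asks for, added here as an example; it is not code from the issue or from hashlookup-forensic-analyser. The `known_names` mapping (SHA-1 to the set of filenames recorded for that hash) is an assumed stand-in for lookup results, and the function names, file names and file contents are constructed for the demo.

```python
import hashlib
import os
import tempfile

def sha1_of(path, chunk=65536):
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()

def find_name_mismatches(root, known_names):
    """Return (path, sha1, known filenames) for every file whose hash is
    known but whose on-disk name is not among the names known for it.
    known_names: dict of uppercase SHA-1 -> set of basenames (assumed shape)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # hash regular files only, do not follow links
            digest = sha1_of(path)
            names = known_names.get(digest)
            if names is None:
                continue  # unknown hash: reported by the normal analysis
            # Compare case-insensitively; Windows file names ignore case.
            if name.lower() not in {n.lower() for n in names}:
                findings.append((path, digest, sorted(names)))
    return findings

def demo():
    """Constructed sample tree: one known file under its own name, one
    known file stored under a different name, one unknown file."""
    content_a, content_b = b"constructed content A", b"constructed content B"
    known = {
        hashlib.sha1(content_a).hexdigest().upper(): {"tool_a.bin"},
        hashlib.sha1(content_b).hexdigest().upper(): {"tool_b.bin"},
    }
    files = {"tool_a.bin": content_a, "renamed.bin": content_b,
             "notes.txt": b"constructed unknown content"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        hits = find_name_mismatches(root, known)
        return [(os.path.basename(p), names) for p, _d, names in hits]

if __name__ == "__main__":
    print(demo())
```

A mismatch is a lead for review, not a verdict: the same content legitimately ships under several names, so the known-name set for a hash needs to be as complete as the data source allows.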