Add option to list files that have known hash, but for which the filename doesn't match any of the known filenames for that hash
Wachizungu opened this issue · 0 comments
Wachizungu commented
Some attack techniques replace a 'known' file by another 'known' file, allowing them to exploit some processing flow that triggers the binary at the target location
This kind of scenario could be detected with this proposed new functionality