Project FIRST is led by Angel M. Villegas. This post is authored by Holger Unterbrink.
Talos is pleased to announce the release of the Function Identification and Recovery Signature Tool (FIRST). It is an open-source framework that allows sharing of knowledge about similar functions used across file types that IDA Pro can analyze. The aim is to create a community for the infosec analysts and reverse engineers that promotes the sharing of information.
The main idea behind FIRST is to preserve an engineer's analysis of certain functions (name, prototype, comment, etc.) by using methods like opcode hashing, mnemonic hashing, locality sensitive hashing, etc. By collecting and storing these signatures centrally, the framework can provide them later to the community via the API/Plugin. The goal is to provide quick lookups for similar functions (see Fig. A), so that no time is lost analysing a function that was already analysed in another sample or by another engineer.
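The lookup idea described above, as an added example that is not FIRST's own code: a function annotated in one sample is found again in a second sample where only a call target differs. The hashing scheme (SHA-256 over raw bytes and over the mnemonic sequence), the `SignatureStore` class, and the instruction listings are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample input: (instruction bytes as hex, mnemonic) per instruction.
# SAMPLE_B is the same routine seen in another binary; only the call target differs.
SAMPLE_A = [("55", "push"), ("8bec", "mov"), ("e810020000", "call"),
            ("85c0", "test"), ("7405", "jz"), ("33c0", "xor"),
            ("5d", "pop"), ("c3", "ret")]
SAMPLE_B = [("55", "push"), ("8bec", "mov"), ("e8a0170000", "call"),
            ("85c0", "test"), ("7405", "jz"), ("33c0", "xor"),
            ("5d", "pop"), ("c3", "ret")]
UNRELATED = [("33c0", "xor"), ("c3", "ret")]


def signatures(func):
    """Return both signature kinds for one function (hypothetical scheme)."""
    raw = bytes.fromhex("".join(b for b, _ in func))
    mnems = "\n".join(m for _, m in func).encode()
    return {
        "opcode": hashlib.sha256(raw).hexdigest(),      # exact instruction bytes
        "mnemonic": hashlib.sha256(mnems).hexdigest(),  # ignores operands
    }


class SignatureStore:
    """In-memory stand-in for a central signature store (hypothetical)."""

    def __init__(self):
        self._entries = {}

    def add(self, func, metadata):
        # Index the analyst's metadata under every signature kind.
        for kind, digest in signatures(func).items():
            self._entries.setdefault((kind, digest), []).append(metadata)

    def lookup(self, func):
        """Return [(signature kind that matched, stored metadata), ...]."""
        return [(kind, meta)
                for kind, digest in signatures(func).items()
                for meta in self._entries.get((kind, digest), [])]


def demo():
    store = SignatureStore()
    store.add(SAMPLE_A, {"name": "check_handle",
                         "prototype": "int check_handle(void)",
                         "comment": "returns 0 when the handle is invalid"})
    return store.lookup(SAMPLE_A), store.lookup(SAMPLE_B), store.lookup(UNRELATED)
```

The byte-exact signature misses the relocated copy while the mnemonic signature still matches it, which is why a store of this kind keeps more than one signature per function.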
Cisco Systems Inc. published this content on 01 December 2016 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 01 December 2016 17:46:02 UTC.
Original document: http://blogs.cisco.com/security/talos/project-first-share-knowledge-speed-up-analysis
Public permalink: http://www.publicnow.com/view/F6EFD57E256054A6995D4E899D9C1A13CBEF8FC1