RE: MD5 Exploit Database?

From: Mark G. Spencer <mspencer(at)evidentdata.com>
Date: Sun Jan 26 2003 - 12:35:18 EST

Hi James!

I got many replies regarding known good databases, but no one replied to my question regarding a known bad database. Since there are a few very good outlets for known good hashes, but not known bad, I have enlisted some help to begin work on a known bad resource for the community.

We have a foundation to begin with from bagged web servers we've worked and some hashes of trojans and malware floating out there.

If anyone wants more (however preliminary) information, such as rationale, you can contact me directly. I'll post back soon when we actually have something up and running that people can play with.

Mark

-----Original Message-----
From: James.Holley@ey.com [mailto:James.Holley@ey.com] Sent: Saturday, January 25, 2003 7:04 PM To: Simson L. Garfinkel
Cc: Chris Reining; forensics@securityfocus.com; Mark G. Spencer; Simson L. Garfinkel; Matt Scarborough
Subject: Re: MD5 Exploit Database?

I know this thread started out with looking for a database of MD5s of known exploits. I am not aware of where that database might be. But the thread seems to have migrated to a question of hashes of known good files.

NIST produces an MD5 and SHA-1 database of over (currently) 7 million known good hashes. It is called the National Software Reference Library (NSRL). You can find references here:

http://www.nsrl.nist.gov/

James

<snip>

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Sun Jan 26 12:37:37 2003