Alexandre Dulaunoy adulau
adulau / trackers.txt
Created February 20, 2022 15:42
Known trackers
adulau / tor2web-list.md
Last active April 21, 2024 13:51
Tor2web and tor proxies public list

List of services that give access to the Tor network, and especially to Tor hidden services, via a web interface. We keep track of potential injection or abuse by such services (the Scam column).

List

| Url | Status | Domain | Log | Techno | Scam |
|-----|--------|--------|-----|--------|------|
| https://onion.re/ | UP | onion.re | full | custom | no |
adulau / summary.md
Created January 2, 2022 11:22
hashlookup-forensic-analyser - Sample summary report

Overall statistics

Analysed directory /usr/lib/modules/5.11.0-41-generic/ on maurer running Linux-5.11.0-43-generic-x86_64-with-glibc2.29 at 2022-01-02 11:20:10.596458+00:00.

Run with hashlookup-forensic-analysed version 0.8.

Hashlookup type Numbers

title: "Hashlookup service - how to improve your digital forensic investigations"
author: "Alexandre Dulaunoy"
institute: "CIRCL"
theme: "Frankfurt"
colortheme: "beaver"
fonttheme: "professionalfonts"
mainfont: "Hack Nerd Font"
fontsize: 10pt
urlcolor: red

adulau / compression-algorithms.md
Last active August 30, 2021 14:50
List of compression algorithms
adulau / gist:27b93f85d58f336167833181b9f22e35
Last active December 18, 2021 16:47
Bloomfilter-like papers

Bloom filter papers

A Bloom filter is a space-efficient probabilistic data structure, conceived by Burton Howard Bloom in 1970, that is used to test whether an element is a member of a set. False positive matches are possible, but false negatives are not – in other words, a query returns either "possibly in set" or "definitely not in set".

Counting bloom filter

A counting Bloom filter (CBF) generalizes a Bloom filter data structure so as to allow membership queries on a set that can be changing dynamically via insertions and deletions. As with a Bloom filter, a CBF obtains space savings by allowing false positives. We provide a simple hashing-based alternative based on d-left hashing called a d-left CBF (dlCBF). The dlCBF offers the same functionality as a CBF, but uses less space, generally saving a factor of two or more. We describe the construction of dlCBFs, provide an analysis, and demonstrate their effectiveness experimentally.

adulau / cpe-mapping.md
Last active March 11, 2024 02:14
Product Name to CPE naming

CPE mapping with the product or software name

Problem

IdentifyingNumber : {D307B5CF-D1F0-48A4-8DA3-54765F535208}
Name              : SQL Server 2012 SQL Data Quality Common
Vendor            : Microsoft Corporation
Version           : 11.2.5058.0
Caption : SQL Server 2012 SQL Data Quality Common
adulau / hashlookup-circl-lu.md
Last active December 16, 2023 17:13
hashlookup.circl.lu - examples

hashlookup.circl.lu

CIRCL hash lookup is a public API to look up hash values against a known database of files. The NSRL RDS database is included. More databases will be included in the future. The API is accessible via an HTTP ReST API and is also described as an OpenAPI.

Get information about the hash lookup database (via ReST)

curl -X 'GET' \
  'https://hashlookup.circl.lu/info' \
  -H 'accept: application/json'
adulau / facebook-533m-analysis.md
Last active April 6, 2021 07:00
Facebook 533m leak - analysis

Warning: Analysis is based on the data leaked and subject to interpretation

Format

The original leak contains a zip with various files: one zip per "country", with typographic errors and geographic errors. Some files are rar and 7z too.

CSV headers

There are multiple inconsistencies of position and size in the various country files (merged from different sources?).

adulau / automatic-analysis-suspicious-binaries.md
Created March 20, 2021 07:53
Notes for automatic analysis suspicious binaries

Tools

capa (from fireeye)

capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.

Papers