Abstract

Detecting provenance of dynamically linked ELF binaries can be achieved by creating fingerprints using information in the dynamic symbol table and comparing these to fingerprints created by symbols from reference binaries, or from symbols extracted from source code. Fingerprints can be stored in a database or turned into rules for the YARA pattern matching tool.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

Recommended Citation

Hemel, Armijn, "Using ELF symbols extracted from dynamically linked ELF binaries for fingerprinting", Technical Disclosure Commons, (July 11, 2021)
https://www.tdcommons.org/dpubs_series/4441

Download

COinS

Technical Disclosure Commons

Defensive Publications Series

Using ELF symbols extracted from dynamically linked ELF binaries for fingerprinting

Abstract

Creative Commons License

Recommended Citation

Browse

Search

Submit

Additional Information

Technical Disclosure Commons

Defensive Publications Series

Using ELF symbols extracted from dynamically linked ELF binaries for fingerprinting

Inventor(s)

Abstract

Creative Commons License

Recommended Citation

Share

Browse

Search

Submit

Additional Information