Willi Ballenthin

Results 231 issues of Willi Ballenthin

compare how CFF explorer shows the resource names vs what we do today: c24ecd199e5e39cb7daca5e79b7af82f06fe4c2a32409c5053145b67dc0088c5

QS

list hashes and junk strings that get extracted. this will inform upstream code recovery analysis, such as lancelot or vivisect.

QS

(spawned from #731) Hey @r0ny123! The smallest bit of documentation on QUANTUMSTRAND is here: [readme.md](https://github.com/mandiant/flare-floss/blob/quantumstrand/floss/qs/readme.md) and a prerelease4 build here: [Release: quantumstrand-prerelease4](https://github.com/mandiant/flare-floss/releases/tag/quantumstrand-preview4). @mr-tz and I have a *lot* of things...

QS

via #761 and @r0ny123

> For example, to build the expert db, we can use GitHub CI, to automatically add the strings from capa rules whenever a rule with a...

QS

via #761 and @r0ny123 add an option to disable the printing of common/library strings to the console. and expanding on this: any tag specified by the user. currently #code is...

QS

via #761 and @r0ny123 naturally a good and useful feature. we should also explain in the documentation how we came up with our default (which i think is 6).

QS

via #761 and @r0ny123

> Currently, QS ranks strings based on offsets within sections, can we use stringsifter or something like that to show the most relevant strings first within...

QS

if our code recovery solution (lancelot or vivisect) fails to identify some code, then we may still display some junk strings that are actually instructions, like ``` ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ .text ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫┃...

QS

(spawned from #731) Hey @cxiao! The smallest bit of documentation on QUANTUMSTRAND is here: [readme.md](https://github.com/mandiant/flare-floss/blob/quantumstrand/floss/qs/readme.md) and a prerelease4 build here: [Release: quantumstrand-prerelease4](https://github.com/mandiant/flare-floss/releases/tag/quantumstrand-preview4). @mr-tz and I have a *lot* of things...

QS