fn_fuzzy - Fast Multiple Binary Diffing Triage With IDA

Offered By: Hack In The Box Security Conference via YouTube

Course Description

Overview

Explore an innovative approach to fast multiple binary diffing triage using IDA Pro in this conference talk from the Hack In The Box Security Conference. Learn about fn_fuzzy, a tool designed to quickly identify similar and previously analyzed IDB files for malware reverse engineers. Discover how this lightweight binary diffing tool calculates two types of fuzzy hashes for each function in IDBs: ssdeep hash values of code bytes and Machoc hash values of call flow graphs. Understand the advantages of fn_fuzzy over other binary diffing tools like BinDiff, Diaphora, and Kam1n0 in terms of speed and efficiency. Gain insights into how this tool can significantly improve the workflow of experienced reverse engineers dealing with hundreds or thousands of IDBs, allowing them to focus on new functions and import findings from previously analyzed databases more effectively.

Syllabus

#HITB2019AMS D1T2 - fn_fuzzy: Fast Multiple Binary Diffing Triage With IDA - Takahiro Haruyama


Taught by

Hack In The Box Security Conference
