{ "info": { "author": "Justin N. Ferguson", "author_email": "jf@ownco.net", "bugtrack_url": null, "classifiers": [ "Development Status :: 2 - Pre-Alpha", "Environment :: Console", "Intended Audience :: Developers", "Intended Audience :: Science/Research", "Intended Audience :: System Administrators", "License :: OSI Approved :: BSD License", "Natural Language :: English", "Operating System :: POSIX", "Operating System :: POSIX :: Linux", "Programming Language :: C++", "Programming Language :: Python :: 2.7", "Topic :: Scientific/Engineering", "Topic :: Scientific/Engineering :: Information Analysis", "Topic :: Security", "Topic :: Security :: Cryptography", "Topic :: Utilities" ], "description": "====================\nEntropyDeviationType\n====================\n\nEntropyDeviationType is an extension that is intended for finding\ndata hidden within other data with no knowledge of the data itself.\nSpecifically, the intended use case is to identify executable files\n(Portable Executables specifically) embedded in non-executable files.\nFor example, malware hidden within a Microsoft Word or PDF document.\nThis is a common occurrence within Advanced Persistent Threat (APT)\nstyle attacks which leverage client-side attacks in common business\noffice file formats and often follow the generic pattern that within \nthe exploit is an XOR-encrypted executable that is dropped to the \ncompromised system and then the host document is cleaned to remove the \nexploit.\n\nThe module contains two classes, ``entropyDeviationType`` and \n``xorTableSearchType``. Both classes are intended as proofs of concept\nand not immediately exportable to production. This package also \ncontains an example utility, ``edfind.py``, which serves as both an\nimmediately usable utility and as a rough primer on how to use the\nextension to quickly analyze and locate rogue data hidden within\nbenign information streams.\n\nDISCLAIMER\n==========\n\n**YOUR MILEAGE MAY VARY. 
AS WITH EVERYTHING, TEST THOROUGHLY YOURSELF\nBEFORE UTILIZING IN PRODUCTION CODE. THIS MODULE HAS NOT RECEIVED\nEXTENSIVE TESTING AND MAY CONTAIN BUGS. NO WARRANTY, EXPLICIT OR\nIMPLICIT, IS PROVIDED. IT'S THE INTERNET. TRUST BUT VERIFY**\n\nThe release archive on PyPI carries no signature, so verify the\ndownloaded tarball against its published SHA-256 digest (not the\nweaker MD5 digest) before building, and note that this module\ntargets Python 2.x only.\n\nBUILDING\n========\n - Requires: \n\t- C++ compiler that supports C++11\n\t- Python >2.3 & <3.0 (tested only on 2.7)\n\t- The boost::python library\n\n$ ./setup.py build\n# ./setup.py install\n\n(Prefer installing into a virtualenv rather than system-wide as root.)\n\nThe C++ classes can be extracted and utilized with only a C++ compiler \nthat supports C++11. \n\nMORE INFORMATION\n================\nIncluded with this distribution is a PDF file in the ./doc/ directory \nthat contains fairly verbose documentation that outlines both the \nPython and C++ API, structure and intended usage. It further outlines \nusage of the included example utility, edfind.py, and does so by \nexplaining its usage on example document files. \n\nIn short, I really tried to type this all up in reST format, but that\nis just nuts. I instead elected to have a text file that provides a\nvery basic description, that will play friendly with 80x60 terminals \nand a PDF document that describes everything in detail that doesn't \nhave to overly worry a whole lot about your particular environment for \nviewing the data. 
Cheers.", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/jnferguson/entropyDeviation/", "keywords": null, "license": "OSI Approved :: BSD License", "maintainer": null, "maintainer_email": null, "name": "entDevType", "package_url": "https://pypi.org/project/entDevType/", "platform": "POSIX,POSIX :: Linux", "project_url": "https://pypi.org/project/entDevType/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/jnferguson/entropyDeviation/" }, "release_url": "https://pypi.org/project/entDevType/0.1.1/", "requires_dist": null, "requires_python": null, "summary": "A module for calculating the entropy/entropic deviations in data", "version": "0.1.1" }, "last_serial": 1186020, "releases": { "0.1.1": [ { "comment_text": "", "digests": { "md5": "b0e4656b2776c7a6db4a194f96eb86ea", "sha256": "2f4e2b697ac4f3dab29b7fee8b85b7fdc9356636b7cd334dc23fa261476f3556" }, "downloads": -1, "filename": "entDevType-0.1.1.tar.gz", "has_sig": false, "md5_digest": "b0e4656b2776c7a6db4a194f96eb86ea", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 934722, "upload_time": "2014-08-11T01:13:29", "url": "https://files.pythonhosted.org/packages/db/15/8780592ba9168f98e8b76e74dce0cbca98cb3bd6f523c9ef8da264bd8c0c/entDevType-0.1.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "b0e4656b2776c7a6db4a194f96eb86ea", "sha256": "2f4e2b697ac4f3dab29b7fee8b85b7fdc9356636b7cd334dc23fa261476f3556" }, "downloads": -1, "filename": "entDevType-0.1.1.tar.gz", "has_sig": false, "md5_digest": "b0e4656b2776c7a6db4a194f96eb86ea", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 934722, "upload_time": "2014-08-11T01:13:29", "url": "https://files.pythonhosted.org/packages/db/15/8780592ba9168f98e8b76e74dce0cbca98cb3bd6f523c9ef8da264bd8c0c/entDevType-0.1.1.tar.gz" } ] }