arafsheikh | 5 years ago

That makes sense. So given that the attacker is technically sophisticated in this case, what are the tangible benefits of publishing the fingerprints?

I guess one benefit might be to push the development of new detection techniques to detect the underlying implementation of these tools.

judge2020|5 years ago

The biggest advantage is that it would allow orgs to audit all applications that have been fingerprinted within their org and see if they might have been attacked as well.

Kalium|5 years ago

Some of the fingerprints are easily gotten around by fudging the binaries a bit. Others, like snort rules, look at things like network traffic that might not always be so easily disguised.