*The tool vendor decides the signature* Sure, but they do it following a certain... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		weinzierl on July 19, 2024 \| parent \| context \| favorite \| on: CrowdStrike Update: Windows Bluescreen and Boot Lo... The tool vendor decides the signature Sure, but they do it following a certain process. It's not that CrowdStrike employees get paid to be extra creative in their job, so you likely could predict what they choose to include in the signature. In addition to that, you have no pressure to get it right the first time. You can try as often as you want and analyzing the updated signatures you even get some feedback about your attempts.

lmm on July 20, 2024 [–]

> Sure, but they do it following a certain process.

Which is going to include checking that it doesn't match any OS files.

> You can try as often as you want and analyzing the updated signatures you even get some feedback about your attempts.

As others said, probably only if you can reverse a hash function.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact