How to Secure Your Software Supply Chain and Speed-Up DFIR with Hashlookup
2023-07-04, 15:10–15:45 (Europe/Paris), Amphitheater

Hashlookup's aim is to index the hashes of all published and released software. It crawls and indexes hashes from many different public sources, including Linux distributions, operating systems such as Windows, and alternative distributions. The goal is to give analysts, digital forensic investigators and security researchers a fast and efficient way to obtain contextual information about published software. Hashlookup's goal is to support digital forensic investigation as well as the review of software supply chains and distribution channels.



hashlookup.io is an open-source project and service, which means that it's freely available for anyone to use or contribute to. Both open-source and proprietary software can be distributed in various ways, and in this article, we'll discuss the challenges of gathering all the different sources. We'll also explore the various risks associated with supply chain attacks and offer some strategies for addressing these issues.

See also: slides

I break stuff and I do stuff.
