Presented at DEF CON 33 (2025), Aug. 8, 2025, 1 p.m. (45 minutes).
Lex Sleuther is an internal tool developed at CrowdStrike for detecting the script language of an unknown text file based purely on its contents. We derive a novel approach using lexer generators and ridge regression and develop the solution as a compact Rust binary with Python bindings. We compare our solution to the current state of the art and present CrowdStrike’s own findings of its relative efficacy in the field. Lex Sleuther has recently been open-sourced for everybody to use.
Presenters:
- Aaron "KNOX" James
Aaron has been the tooling guy for over 13 years, ever since he first wrote hacks for his favorite games. He still writes hacking tools, but now for security companies.