Unleashing YARA – Part 2
In the first post of this series we introduced YARA and demonstrated a couple of use cases that justify integrating this tool throughout the enterprise Incident Response life-cycle. In this post we will step through the requirements for developing YARA rules specially crafted to match patterns in Windows portable executable (PE) files. Additionally, […]...
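As an added illustration of what a PE-specific rule looks like (this is an editor's example, not a rule from the original post), the following rule combines the classic header checks with YARA's `pe` module. The pairing of imports and the section-flag check are assumptions chosen for the example; tune them to your own samples before deploying.

```yara
import "pe"

// Editor's example rule, not taken from the "Unleashing YARA" series.
// Flags a PE that imports the classic remote-injection trio and carries
// a section that is both writable and executable (common in packed or
// self-modifying code). The API names and section flags are assumptions
// for illustration; they are not a vetted detection signature.
rule PE_RemoteInjection_Capability_Example
{
    meta:
        description = "PE with VirtualAllocEx/WriteProcessMemory/CreateRemoteThread imports and a W+X section"
        author      = "editor example"

    condition:
        // Cheap header filter first: 'MZ' at offset 0 and 'PE\0\0' at e_lfanew.
        uint16(0) == 0x5A4D and
        uint32(uint32(0x3C)) == 0x00004550 and
        filesize < 5MB and

        // Skip DLLs; keep the rule focused on standalone executables.
        not (pe.characteristics & pe.DLL) and

        // Parsed import table: case-insensitive match on DLL and function.
        pe.imports("kernel32.dll", "VirtualAllocEx") and
        pe.imports("kernel32.dll", "WriteProcessMemory") and
        pe.imports("kernel32.dll", "CreateRemoteThread") and

        // At least one section is both writable and executable.
        for any i in (0 .. pe.number_of_sections - 1) : (
            pe.sections[i].characteristics & pe.SECTION_MEM_WRITE and
            pe.sections[i].characteristics & pe.SECTION_MEM_EXECUTE
        )
}
```

Run it with `yara -r pe_injection_example.yar <directory>`. Two caveats a practitioner will hit immediately: the `pe.imports()` checks only see the static import table, so samples that resolve APIs at runtime via `GetProcAddress` will not match, and many legitimate packers also produce writable-executable sections, so this rule is a triage aid rather than a conviction.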
Related posts for 'Unleashing YARA – Part 2'
Applied Yara training - Q&A
Relevance score: 1240.25 points
by Vicente Diaz (@trompi) from Virustotal, Costin Raiu (@craiu) from Kaspersky and with the kind support of Victor M. Alvarez (@plusvic) from Virustotal. Introduction: On August 31, 2021 we ran a joint webinar between Virustotal and Kaspersky, with a focus
Wafaray - Enhance Your Malware Detection With WAF + YARA (WAFARAY)
Relevance score: 943.67 points
WAFARAY is a LAB deployment based on Debian 11.3.0 (stable) x64, made and cooked from two main ingredients, WAF + YARA, to detect malicious files (e.g. webshells, viruses, malware, binaries) typically delivered through web functions (file upload). Purpose: In essence, the main idea came to use WAF + YA
Yaralyzer - Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors
Relevance score: 593.16 points
Visually inspect all of the regex matches (and their sexier, more cloak and dagger cousins, the YARA matches) found in binary data and/or text. See what happens when you force various character encodings upon those matched bytes. With colors. Quick Star
Threat Hunting with VirusTotal - Episode 2
Relevance score: 498.8 points
Last week we conducted the second episode of our “Threat Hunting with VirusTotal” open training session, where we covered YARA services at VirusTotal. We focused on practical aspects of YARA rules providing real life examples of infamous malware and
Actionable Threat Intel (IV) - YARA beyond files: extending rules to network IoCs
Relevance score: 323.54 points
We are extremely excited to introduce YARA Netloc, a powerful new hunting feature that extends YARA supported entities from traditional files to network infrastructure, including domains, URLs and IP addresses. This opens endless possibilities and b
Spyre - Simple YARA-based IOC Scanner
Relevance score: 310.06 points
...a simple, self-contained modular host-based IOC scanner. Spyre is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this project is easy operationalization of YARA rules and other indicat
The path from VT Intelligence queries to VT Livehunt rules: A CTI analyst approach
Relevance score: 283.1 points
This post will explain the process you can follow to create a VT Livehunt rule from a VT Intelligence query. Something typical in threat hunting and threat intelligence operations.
Let’s assume that, as a threat hunter, you created robust VT intelli
Fnord - Pattern Extractor For Obfuscated Code
Relevance score: 269.62 points
Fnord is a pattern extractor for obfuscated code. Description: Fnord has two main functions:
Extract byte sequences and create some statistics
Use these statistics, combine length, number of occurrences, similarity and keywords to create a YARA rule
1. Statisti
Actionable Threat Intel (III) - Introducing the definitive YARA editor
Relevance score: 245.28 points
One of VirusTotal's biggest strengths is its Hunting capabilities using YARA rules. In addition to matching all files against a big set of crowdsourced YARA rules, it also allows users to create their own detection and classification rules.
YARA was orig
LEAF - Linux Evidence Acquisition Framework
Relevance score: 242.66 points
Linux Evidence Acquisition Framework (LEAF) acquires artifacts and evidence from Linux EXT4 systems, accepting user input to customize the functionality of the tool for easier scalability. Offering several modules and parameters as input, LEAF is able to use smart analysis to extract Linux
Actionable Threat Intel (I) - Crowdsourced YARA Hub
Relevance score: 242.66 points
YARA rules are an essential tool for detecting and classifying malware, and they are one of VirusTotal’s cornerstones. Other than using your own rules for Livehunts and Retrohunts, in VirusTotal we import a number of selected crowdsourced rules pr