awesome-yara
yara-python
Our great sponsors
awesome-yara | yara-python | |
---|---|---|
7 | 1 | |
3,193 | 613 | |
2.8% | 2.1% | |
5.6 | 6.8 | |
20 days ago | 8 days ago | |
C | ||
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-yara
- Incorporating YARA Into Security Processes?
-
Cybersecurity Repositories
YARA
-
YARA Rules for Malware
Check out the myriad of resources available here: https://github.com/InQuest/awesome-yara
-
Identifying packers, crypters or protectors
A signature-based approach with YARA can work to fingerprint the specific software used to obfuscate the malware. A lot of YARA rules for a variety of purposes can be found here, and it might be useful to aggregate ones you care about into your own little detection pipeline.
-
What are the best FOSS YARA rules you would recommend to deploy?
https://github.com/InQuest/awesome-yara#rules
yara-python
-
Pros and Cons of Rust for Cybersecurity
But, due to the young ecosystem, Rust isn't often the best choice for the 2nd category. There are exceptions: while working on a ROP exploitation CLI tool, I was surprised to find the top 3 fastest x86-64 disassemblers are all written in Rust. But other languages just have more mature security ecosystems. Python in particular has some amazing libraries like scapy and bindings for yara.
What are some alternatives?
malware-ioc - Indicators of Compromises (IOC) of our various investigations
signature-base - YARA signature and IOC database for my scanners and tools
awesome-malware-analysis - Defund the Police.
yara - The pattern matching swiss knife
audit-node-modules-with-yara - Audit Node Module folder with YARA rules to identify possible malicious packages hiding in node_moudles
Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
rules - Repository of yara rules
PEpper - An open source script to perform malware static analysis on Portable Executable
awesome-honeypots - an awesome list of honeypot resources
scapy - Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
a-ray-grass - a-ray-grass is a yara module that provides support for DCSO-format bloom filters in yara. In the context of hashlookup, it allows quickly discard known files "pour séparer le grain de l'ivraie"