awesome-yara
yara-python
awesome-yara | yara-python | |
---|---|---|
7 | 1 | |
3,265 | 623 | |
1.9% | 0.6% | |
7.1 | 6.7 | |
about 1 month ago | about 1 month ago | |
C | ||
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-yara
- XSOAR Yara Feeds
- Incorporating YARA Into Security Processes?
-
Cybersecurity Repositories
YARA
-
YARA Rules for Malware
Check out the myriad of resources available here: https://github.com/InQuest/awesome-yara
-
Identifying packers, crypters or protectors
A signature-based approach with YARA can work to fingerprint the specific software used to obfuscate the malware. A lot of YARA rules for a variety of purposes can be found here, and it might be useful to aggregate ones you care about into your own little detection pipeline.
-
What are the best FOSS YARA rules you would recommend to deploy?
https://github.com/InQuest/awesome-yara#rules
- InQuest/awesome-yara - A curated list of awesome YARA rules, tools, and people.
yara-python
-
Pros and Cons of Rust for Cybersecurity
But, due to the young ecosystem, Rust isn't often the best choice for the 2nd category. There are exceptions: while working on a ROP exploitation CLI tool, I was surprised to find the top 3 fastest x86-64 disassemblers are all written in Rust. But other languages just have more mature security ecosystems. Python in particular has some amazing libraries like scapy and bindings for yara.
What are some alternatives?
malware-ioc - Indicators of Compromises (IOC) of our various investigations
signature-base - YARA signature and IOC database for my scanners and tools
a-ray-grass - a-ray-grass is a yara module that provides support for DCSO-format bloom filters in yara. In the context of hashlookup, it allows quickly discard known files "pour séparer le grain de l'ivraie"
awesome-malware-analysis - Defund the Police.
scapy - Scapy: the Python-based interactive packet manipulation program & library.
yara - The pattern matching swiss knife
xgadget - Fast, parallel, cross-variant ROP/JOP gadget search for x86/x64 binaries.
audit-node-modules-with-yara - Audit Node Module folder with YARA rules to identify possible malicious packages hiding in node_moudles
Detect-It-Easy - Program for determining types of files for Windows, Linux and MacOS.
disas-bench - X86 disassembler benchmark