signature-base
uBlock
| | signature-base | uBlock |
|---|---|---|
| Mentions | 12 | 2,991 |
| Stars | 2,320 | 42,883 |
| Growth | - | - |
| Activity | 9.2 | 9.9 |
| Last commit | 12 days ago | 5 days ago |
| Language | YARA | JavaScript |
| License | GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
signature-base
- Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
> It doesn't matter.
To understand the exact behavior and extent of the backdoor, this does matter. An end-to-end proof of how it works is exactly what was needed.
> A way to check if servers are vulnerable is probably by querying the package manager
Yes, this has been known since the initial report + later discovering what exact strings are present for the payload.
https://github.com/Neo23x0/signature-base/blob/master/yara/b...
> Not very sophisticated, but it'll work.
Unfortunately, we live in a world with closed-servers and appliances - being able, as a customer or pen tester, to rule out a certain class of security issues without having the source/insights available is usually desirable.
- Exploit Outlook CVE-2023-23397 Yara - to detect .msg files exploiting CVE-2023-23397 in Microsoft Outlook
- OneNote Yara rule
- New Exchange Zero Day rumours [29th September]
* Run the following YARA rules over your logs and aspx files in INSTALL_DIRECTORY/Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\ https://github.com/Neo23x0/signature-base/blob/master/yara/expl_proxyshell.yar
- Nvidia Breach
If you have a Yara detection platform, Florian Roth’s rules should detect executables signed with this. https://github.com/Neo23x0/signature-base/blob/master/yara/gen_nvidia_leaked_cert.yar.
- Evidence of a log4j attack found - Now what?
Uses these YARA rules to read JAR, LOG, and TXT files on the system, throwing warnings if any log4shell-looking payloads are found based on those various rules.
- Yara rule to detect ProxyToken exploitation
- APT29 / NOBELIUM VirusTotal retro hunt results using 12 newly released Yara rules
Rules https://github.com/Neo23x0/signature-base/blob/master/yara/apt_apt29_nobelium_may21.yar
- What are the best FOSS YARA rules you would recommend to deploy?
uBlock
- Mobile Ad Blocker Will No Longer Stop YouTube's Ads
- Some notes on Firefox's media autoplay settings in practice as of Firefox 124
Check out uBlock Origin's per site switches [1]
[1]: https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-...
- Brave's AI assistant now integrates with PDFs and Google Drive
If ads, in particular on YouTube, are the problem, anything Chromium-based is probably only going to get worse and worse (see [1] and [2]). So that basically leaves you with Firefox and Safari.
I work for Mozilla (speaking for myself, of course), so I'll leave you to guess which I'd recommend :P
[1] https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...
[2] https://arstechnica.com/gadgets/2023/09/googles-widely-oppos...
- X.org Server Clears Out Remnants for Supporting Old Compilers
https://github.com/gorhill/uBlock
Or if on mobile, it is well worth it to look up adblock options for the browser you use.
- Mozilla thinks Apple, Google, Microsoft should play fair
What are the compelling advantages of Chrome nowadays?
Chrome is working to limit the capabilities of ad blockers:
https://www.malwarebytes.com/blog/news/2023/11/chrome-pushes...
Whereas a compelling advantage of Firefox is that uBlock Origin works best in Firefox:
https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...
Advertising networks have often been vectors for malware. Using an ad blocker is an important security measure. Even the FBI recommends ad blockers:
https://www.malwarebytes.com/malvertising
https://theconversation.com/spyware-can-infect-your-phone-or...
- Brave Leo now uses Mixtral 8x7B as default
> It allows for 30,000 dynamic rules
That is not what we mean by dynamic filters. From https://developer.chrome.com/blog/improvements-to-content-fi...
> However, to support more frequent updates and user-defined rules, extensions can add rules dynamically too, without their developers having to upload a new version of the extension to the Chrome Web Store.
What Chrome is talking about is the ability to specify rules at runtime. What critics of Manifest V3 are talking about is not the ability to dynamically add rules (although that can be an issue), it is the ability to add dynamic rules -- i.e., rules that analyze and rewrite requests in the style of the blockingWebRequest permission.
It's a little deceptive to claim that the concerns here are outdated and to point to vague terminology that sounds like it's correcting the problem, but on actual inspection turns out to be entirely separate functionality from what the GP was talking about.
> Giving this ability to extensions can slow down the browser for the user. These ads can still be blocked through other means.
This is the debate; most of the adblocking community disagrees with this assertion. uBO maintains a list of some common features that are already not possible to support in Chrome ( https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b... ) and has written about features that are not able to be supported via Chrome's current V3 API ( https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as... ). Of particular note are filtering for large media elements (I use this a lot on mobile Firefox, it's great for reducing page size), and top-level filtering of domains/fonts.
- uBlock Origin – 1.55.0
- In 2024, please switch to Firefox
> "Its happened before"
> That's not an argument
It's a subheading to "2. Browser engine monopoly". The subsection's purpose is describing how bad things were during the IE monopoly to reinforce that it's something to be avoided.
> in fact you could counter-argue that IE left a lot of technical debt
That would be agreeing with the article, unless I understand what you mean.
> On top of that, the internet was very different back then.
In a way that now makes it harder for truly new competing engines to pop up due to increased complexity of the web.
> I'm still not convinced, why would I change my browser?
The points made in the article are:
* Increased privacy, opposed to willingly giving your data to an ad-tech company
* Helps avoid a browser engine monopoly which would effectively let Google dictate web standards
* It’s fast and has a nice user interface
Onto which I'd add:
* Content blockers work best on Firefox (https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...), doubly so when Manifest V3 rolls out
* Allows more customization of interface and home page
* UX improvements, like the clutter-free reader mode, aren't vetoed to protect search revenue as with Chrome (https://news.ycombinator.com/item?id=37675467)
- Ask HN: Is Firefox team too small to do serious security tests?
Advertising networks are vectors for malware:
https://www.cisecurity.org/insights/blog/malvertising
https://www.malwarebytes.com/malvertising
https://theconversation.com/spyware-can-infect-your-phone-or...
So if you're concerned about security then you want the browser with the best ad blocker.
uBlock Origin works best in Firefox:
https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...
- What is the safest and best browser to use???
Firefox has the best adblocking capability with uBlock Origin, which explicitly operates better on Firefox. https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-best-on-Firefox
What are some alternatives?
malware-ioc - Indicators of Compromises (IOC) of our various investigations
VideoAdBlockForTwitch - Blocks Ads on Twitch.tv.
Loki - Loki - Simple IOC and YARA Scanner
Spotify-Ad-Blocker - EZBlocker - A Spotify Ad Blocker for Windows
awesome-yara - A curated list of awesome YARA rules, tools, and people.
bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
ThreatHunting - Tools for hunting for threats.
duckduckgo-privacy-extension - DuckDuckGo Privacy Essentials browser extension for Firefox, Chrome.
reversinglabs-yara-rules - ReversingLabs YARA Rules
ClearUrls
audit-node-modules-with-yara - Audit Node Module folder with YARA rules to identify possible malicious packages hiding in node_modules
AdNauseam - AdNauseam: Fight back against advertising surveillance