yara
flare-floss
yara | flare-floss | |
---|---|---|
19 | 4 | |
7,656 | 3,024 | |
1.5% | 1.1% | |
8.9 | 9.2 | |
8 days ago | 2 days ago | |
C | Python | |
BSD 3-clause "New" or "Revised" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
yara
- Ask HN: Regex on a File or Stream
-
Who does check linux distros of malware - open source
Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...
- Release YARA v4.4.0-rc1 - lnk module
- Release YARA v4.3.0-rc1
- yara - The pattern matching swiss knife for malware researchers (and everyone else)
- Hogy lehet észrevenni, ha valaki bejár a gépedre és adatot visz ki? KRÉTA sztori spin-off
- LNK module for Yara
-
Open source tools and standards to lookup known files
Shameless plug: I wrote a small poc module to use hashlookup's bloom filter in yara (https://github.com/VirusTotal/yara). The idea is to easily discard files that are known to be safe and so to avoid launching thousands of yara rules on a file for nothing. One can also use it to keep track of some files that meet certain conditions for instance. The module can store any string in these filters so I see a lot of useful use-cases for this little thingy :)
- Yara - The pattern matching swiss knife
-
Tasked with building a malware analysis / threat hunting machine . Need feedback
YARA - https://virustotal.github.io/yara/
flare-floss
-
Why is this de-compiled code showing a different value in memory sometimes?
Depending on how clever the developer was, this tool works well to find hidden strings: https://github.com/mandiant/flare-floss
-
Static Analysis Research - Windows PE
Recently, I decided do delve a little bit more into static analysis, something beyond just running strings on a binary and getting the ASCII characters that are printable. I decided to take a deep look at how FLOSS is working and possibly recreate some of its functionality in my own tool.
- Hogy lehet észrevenni, ha valaki bejár a gépedre és adatot visz ki? KRÉTA sztori spin-off
- Installed Kaspersky today, Trojan.Win32.Hosts2.gen detected. Malwarebytes and Windows Defender didn’t detected it before. False positive?
What are some alternatives?
Loki - Loki - Simple IOC and YARA Scanner
capa - The FLARE team's open-source tool to identify capabilities in executable files.
malware-ioc - Indicators of Compromises (IOC) of our various investigations
gsoc - NumFOCUS Google Summer of Code Materials
awesome-yara - A curated list of awesome YARA rules, tools, and people.
flare-fakenet-ng - FakeNet-NG - Next Generation Dynamic Network Analysis Tool
yarGen - yarGen is a generator for YARA rules
win32-shellcode - Win32 Shellcode CheatSheet: Your visual guide for crafting and understanding shellcode. Ideal for malware, and exploit developers
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
pytextcodifier - :package: Turn your text files into codified images or your codified images into text files.
DIE-engine - DIE engine
peresources