yara
yara-python
yara | yara-python | |
---|---|---|
19 | 1 | |
7,679 | 623 | |
1.8% | 0.6% | |
8.9 | 6.7 | |
3 days ago | about 1 month ago | |
C | C | |
BSD 3-clause "New" or "Revised" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
yara
- Ask HN: Regex on a File or Stream
-
Who does check linux distros of malware - open source
Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...
- Release YARA v4.4.0-rc1 - lnk module
- Release YARA v4.3.0-rc1
- yara - The pattern matching swiss knife for malware researchers (and everyone else)
- Hogy lehet észrevenni, ha valaki bejár a gépedre és adatot visz ki? KRÉTA sztori spin-off
- LNK module for Yara
-
Open source tools and standards to lookup known files
Shameless plug: I wrote a small poc module to use hashlookup's bloom filter in yara (https://github.com/VirusTotal/yara). The idea is to easily discard files that are known to be safe and so to avoid launching thousands of yara rules on a file for nothing. One can also use it to keep track of some files that meet certain conditions for instance. The module can store any string in these filters so I see a lot of useful use-cases for this little thingy :)
- Yara - The pattern matching swiss knife
-
Tasked with building a malware analysis / threat hunting machine . Need feedback
YARA - https://virustotal.github.io/yara/
yara-python
-
Pros and Cons of Rust for Cybersecurity
But, due to the young ecosystem, Rust isn't often the best choice for the 2nd category. There are exceptions: while working on a ROP exploitation CLI tool, I was surprised to find the top 3 fastest x86-64 disassemblers are all written in Rust. But other languages just have more mature security ecosystems. Python in particular has some amazing libraries like scapy and bindings for yara.
What are some alternatives?
Loki - Loki - Simple IOC and YARA Scanner
signature-base - YARA signature and IOC database for my scanners and tools
malware-ioc - Indicators of Compromises (IOC) of our various investigations
awesome-yara - A curated list of awesome YARA rules, tools, and people.
a-ray-grass - a-ray-grass is a yara module that provides support for DCSO-format bloom filters in yara. In the context of hashlookup, it allows quickly discard known files "pour séparer le grain de l'ivraie"
yarGen - yarGen is a generator for YARA rules
scapy - Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
xgadget - Fast, parallel, cross-variant ROP/JOP gadget search for x86/x64 binaries.
flare-floss - FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
disas-bench - X86 disassembler benchmark