Somewhat related: I built a library to speed up matching many regex with mostly mismatches by adding non-regex pre matchers. https://github.com/Quantco/multiregex
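The prematcher idea mentioned in the comment above, as an added sketch that is not part of the thread and is not the multiregex library's code or API: each regex is paired with cheap literal substrings, and the regex engine runs only when one of them occurs in the input. The class name, rules and sample lines are assumptions constructed for illustration.

```python
import re

# Constructed rules: (name, regex, literals of which every match contains at least one).
RULES = [
    ("aws_access_key", r"\bAKIA[0-9A-Z]{16}\b", ["akia"]),
    ("private_key_header", r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----", ["private key-----"]),
    ("basic_auth_url", r"https?://[^/\s:@]+:[^/\s:@]+@", ["://"]),
]

# Constructed input lines; the key is AWS's documented example value.
SAMPLE_LINES = [
    "GET /index.html 200",
    "export AWS_KEY=AKIAIOSFODNN7EXAMPLE",
    "fetch https://example.com/a.txt",
    "-----BEGIN RSA PRIVATE KEY-----",
]

class PrefilteredRegexSet:
    """Hypothetical helper: run a regex only if one of its prematchers is present."""

    def __init__(self, rules):
        self.rules = []
        for name, pattern, prematchers in rules:
            if not prematchers:
                raise ValueError(f"rule {name!r} needs at least one prematcher")
            # Patterns are case-insensitive, so prematchers are compared lowercased.
            self.rules.append((name, re.compile(pattern, re.IGNORECASE),
                               tuple(p.lower() for p in prematchers)))
        self.regex_runs = 0  # number of times the regex engine was invoked

    def match(self, text):
        lowered = text.lower()
        hits = []
        for name, regex, prematchers in self.rules:
            # Cheap substring test first; on a miss the regex is skipped entirely.
            if not any(p in lowered for p in prematchers):
                continue
            self.regex_runs += 1
            if regex.search(text):
                hits.append(name)
        return hits

    def match_unfiltered(self, text):
        # Reference result without prefiltering, used to validate the prematchers.
        return [name for name, regex, _ in self.rules if regex.search(text)]

if __name__ == "__main__":
    matcher = PrefilteredRegexSet(RULES)
    for line in SAMPLE_LINES:
        print(matcher.match(line), "<-", line)
    print("regex runs:", matcher.regex_runs, "of", len(RULES) * len(SAMPLE_LINES))
```

A prematcher that is not contained in every possible match silently drops detections, so comparing `match` against `match_unfiltered` on a test corpus is the check to run whenever a rule is added.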
In our firmware extraction suite, we started searching patterns with Yara, but it was so slow we switched to Hyperscan: https://github.com/onekey-sec/unblob/blob/main/unblob/finder...
We are quite happy with the huge performance boost, never looking back :) Yara even segfaulted when we tried to extract an Ubuntu ISO image with it.
The only problem with Hyperscan is that it only supports Intel CPUs (it has some hand-crafted assembly), so it doesn't work on Apple M1 Macs, but there is a fork called VectorScan, which is working on ARM: https://github.com/VectorCamp/vectorscan
We implemented a couple of small DSL classes in Python to be able to define YARA-like rules. It might be useful for you too; check it out here: https://github.com/onekey-sec/unblob/blob/cdd7a46667ffdfdfae...
PSA that the python bindings for hyperscan need maintainers: https://github.com/darvid/python-hyperscan/issues/44