Rules Alternatives

rules reviews and mentions

• Web Security Resources Request
  2 projects | /r/blueteamsec | 25 Nov 2022

  Yara rules. https://github.com/Yara-Rules/rules

• How to check is a linux server is compromised or rooted?
  3 projects | /r/debian | 16 Sep 2022

  On the other hand, you could also use a Yara scanner (apt install yara) to scan for IOCs. Here's a good list of rules https://github.com/Yara-Rules/rules

• What is the use of an Av when it can be bypassed easily?
  1 project | /r/antivirus | 4 Sep 2022

  As we can see in this pic -> https://i.postimg.cc/qRPSyjvL/Screenshot-at-2022-09-04-13-36-40.png the crypted payload also fires off a lot more of the yara rules from the Yara Rules Project, so it's just a lot "louder" in terms of static analysis too. Top section is a payload that currently does not get detected, and does not use any encryption (the other screenshot showing OneNote.exe was actually taken from my test VM with this payload, so it definitely doesn't get detected lol). Bottom is the scarecrow payload that's aes256'd and still got caught pretty quick.

• Incorporating YARA Into Security Processes?
  2 projects | /r/AskNetsec | 16 Jun 2022
• Python Script EXE detected as virus in VT
  1 project | /r/Python | 17 Apr 2022
• YARA Rules for Malware
  2 projects | /r/Malware | 25 Sep 2021

  this repo is well-maintained. there are others exchanged in less public settings (in which i do not participate) if you're willing to contribute samples and signatures.

• Incident report collection
  1 project | /r/Malware | 5 Aug 2021
• A note from our sponsor - CodeRabbit
  coderabbit.ai | 23 Mar 2025

  Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR. Learn more →