Top 11 yara-rule Open-Source Projects
-
yaralyzer
Visually inspect and force decode YARA and regex matches found in both binary and text data. With Colors.
-
yara4ida
Unofficial YARA IDA Pro plugin, along with an unparalleled crypto/hash/compression rule set based on Luigi Auriemma's signsrch signatures.
-
audit-node-modules-with-yara
Audit Node Module folder with YARA rules to identify possible malicious packages hiding in node_modules
-
AMAYARA-Lab
The アマヤラ Lab project provides a ready-to-use Jupyter Lab environment to help out with Android malware analysis using YARA rules.
Project mention: My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device | /r/computerforensics | 2023-06-06
You should run a tool like loki for ioc scanning. This will identify persistence https://github.com/Neo23x0/Loki
Project mention: Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) | news.ycombinator.com | 2024-04-01
> It doesn't matter.
To understand the exact behavior and extent of the backdoor, this does matter. An end-to-end proof of how it works is exactly what was needed.
> A way to check if servers are vulnerable is probably by querying the package manager
Yes, this has been known since the initial report + later discovering what exact strings are present for the payload.
https://github.com/Neo23x0/signature-base/blob/master/yara/b...
> Not very sophisticated, but it'll work.
Unfortunately, we live in a world with closed servers and appliances - being able, as a customer or pen tester, to rule out a certain class of security issues without having the source/insights available is usually desirable.
yara-rules related posts
- Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
- Exploit Outlook CVE-2023-23397 Yara - to detect .msg files exploiting CVE-2023-23397 in Microsoft Outlook
- OneNote Yara rule
- New Exchange Zero Day rumours [29th September]
- Did you graduate from TVZ? Registration for the networking event Alumnijada 2022 is still open tomorrow (Thursday, 29.9.2022)
- Does anyone work in the cybersecurity sector?
Index
What are some of the best open-source yara-rule projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | awesome-yara | 3,234 |
2 | Loki | 3,213 |
3 | signature-base | 2,320 |
4 | reversinglabs-yara-rules | 688 |
5 | wafaray | 106 |
6 | yaralyzer | 100 |
7 | threat-research-and-intelligence | 88 |
8 | yara4ida | 57 |
9 | Cerebro | 19 |
10 | audit-node-modules-with-yara | 19 |
11 | AMAYARA-Lab | 1 |