John has officially summited Mt Yara! Congrats John on completing #100DaysofYARA well done

Not just providing rules but insight into how and why you wrote them is setting a great example our little community 😄

I hope you’ve learned as much as you taught

#100DaysofYARA tons of tasty info can be pulled from Macho headers, especially Load commands! Lets get a generic count of LOAD_DYLIB commands to quantify the amount of external libraries are used - no idea if any # is suspicious

github.com/100DaysofYARA/…

#100DaysofYARA day 100 - roundup: bitsofbinary.github.io/yara/2023/04/1…

We made it to day 100! I'm very happy that I managed to do a post each day.

I covered the LNK module, use of modifiers, YARA performance basics, command line options, and a case study with AcidBox.

John #100DaysofYARA is a great initiative and I learned to write and modify YARA rules, As a beginner in Cybersecurity Field I started writing YARA RULE today .. Thank you John

Day20 of #100DaysofYARA : Use Case 4 for the THOR-Lite room done on Try Hack Me, only Use Case 5 remains! Custom rule for Use Case 4 - github.com/vert1c4l/100_D…

It's interesting that your analysis ended up here as well. I was looking at this for #100daysofyara and ended up getting there with my colleagues' (Daniel Mayer ) sentiment 'I see pdb, it goes in rule'

I love that Greg Lesnewich is going hard on MachO for #100DaysofYARA

I'm learning more every day!

#YARA siganture for #PikaBot #malware quickly generated with #binlex . Enjoy! 😘 #100daysofyara
gist.github.com/c3rb3ru5d3d53c…
github.com/c3rb3ru5d3d53c…

Congrats to John & Daniel Stinson for completing the 💯 Days of #YARA challenge!

Started by Greg Lesnewich, the #100DaysofYARA challenge encourages participants to share one YARA rule each 📆 day for the first 100 days of the year ➡️ hubs.ly/Q01PV8D00

Thanks for Greg Lesnewich for kicking this off, along with everyone who's added to the #100DaysofYARA community the last 2 years: John, Super Sheep (@[email protected]), Silas, Steve YARA Synapse Miller, Daniel Mayer, Wesley Shields, French, [email protected] and surely more!

Day 💯 of #100DaysofYARA : When started on Jan 1st I had no idea I was going to do any YARA rules in 2023 let along a 100 day streak🔥

There were lots of macOS/Mach-O rules, file fats, and more. Check out this summary post: shellcromancer.io/posts/100-days…

Is your business missing out on Employee Retention tax credits? The IRS is giving businesses $26k per employee. Learn more about why Stenson Tamaddon is a preferred partner for thousands of businesses and CPA firms.

With supply chain in the news and #100daysofyara wrapping up. I wanted to ask all my co-participants, how do you handle taking this Intel home? I know how we handle it Stairwell, but how are YOU back scanning your entire environment?

#100DaysOfYara rules git repo about to get a live demo on OALabs twitch stream over unpac.me data.

Day 86 of #100DaysofYARA : The MacStealer malware we wrote a signature for yesterday includes lots of .pyc python-byte code. Got more familiar with that format today, writing a rule and analyzing it. 🧵

YARA: github.com/shellcromancer…

🔴 We are live!

Join us for Part 2 of #PikaBot

Malware analysis 👀

#OALABS

twitch.tv/oalabslive

Smoke loader seen recently with this pdb 'C:\\yeya-valuruzer rucetofalumo p.pdb'. If you've seen it too, I'd love to chat. #100daysofyara

Dropped my latest post on NPPSPY! ft. Rob Dray Agha Grzegorz Tworek SnapAttack
malwareguy.tech/Hunts/nppspy.h…

#ENVTuber #VTuber EN #VTuber #ThreatHunting #Malware #ReverseEngineering #DigitalForensics #IncidentResponse #Malware Hunting #100DaysofYARA

One of the most incredible analysts in the #ThreatIntel space - John - has just completed the #100DaysofYARA challenge with an awesome blog to go along with it. You cannot learn enough from this man, please for your benefit check it out!

bitsofbinary.github.io

The #100DaysofYARA crew slayed it this year: big hustles fm Greg Lesnewich Daniel Stinson John Wesley Shields Super Sheep (@[email protected]) French Silas Cutler Daniel Mayer Jeremy Brown Malvidin Colin Cowie👨🏼‍💻| @[email protected] @tlan Josh Stroschein Alex Hegyi Paul Melson vertic4l & more. Props y'all.

YARA rules.

Daniel Stinson Greg Lesnewich I'll second that too 👍 #100DaysofYARA club in the making

10 stickers for $1 plus free shipping! 🤯

Day 8️⃣6️⃣ of #100DaysofYARA : The MacStealer malware we wrote a signature for yesterday includes lots of .pyc python-byte code. Got more familiar with that format today, writing a rule and analyzing it. 🧵

YARA: github.com/shellcromancer…

I like #100DaysOfYARA drive-bys

Here's one

rule MurmurHash_x86
{
strings:
$v = {69 ?? 51 2d 9e cc c1 ?? 0f 69 ?? 93 35 87 1b}
condition:
any of them
}

🔴 We are live!

Join us for some #Yara fun 🤠

twitch.tv/oalabslive

Shoutout to Greg Lesnewich for organising #100DaysofYARA , and for everyone who has contributed this year, including Daniel Stinson, Super Sheep (@[email protected]), Daniel Mayer, Wesley Shields, French, Steve YARA Synapse Miller, and more!

Super Sheep (@[email protected]) so where did we land? well - strings, which were low effort, yielded the same results as ~20 minutes or so of analysis in disassembly. This was not an 'expected' outcome - this was just a live tweeting of my process of how and why decisions get made in my YARA journey

Playing with suspicious Windows driver usage ideas & unintentionally made a rule that found drivers in the rsrc section so I thought I'd post it. Most of the matches are boring & seemingly from ~2009 ¯\_(ツ)_/¯ gist.github.com/schrodyn/9d8eb… #100DaysOfYara