#100DaysOfYARA
Service Remote Access Trojan that attackers can use to collect information from infected machines. It was one of the most popular RATs in the market in 2015.
github.com/hk0x1/Yara-Rul…
#100DaysOfYara Day 14:
Another rule for a #UnprotectProject technique. This rule targets the Right-To-Left (RLO) extension spoofing technique. This spoofing also works on VT but only in the GUI, the URL shows the actual file %E2%80%AEfdp.exe
E2 80 AE are the bytes encoding the…
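The post above stops mid-sentence, so here is an added illustration of the point it makes (example code written for this page, not from the original post or from the UnprotectProject rule). It takes a URL-encoded filename like the one shown, decodes `%E2%80%AE` to U+202E RIGHT-TO-LEFT OVERRIDE, approximates how a bidi-aware GUI would render the name, and flags the mismatch between the displayed and the real extension. The byte-level `contains_rlo` check is the same idea a YARA rule expresses with a hex string for E2 80 AE. The sample filenames are constructed; the function names are this example's own.

```python
from urllib.parse import unquote

# U+202E RIGHT-TO-LEFT OVERRIDE; its UTF-8 encoding is the E2 80 AE seen in the URL above.
RLO = "\u202e"
RLO_UTF8 = RLO.encode("utf-8")  # b"\xe2\x80\xae"

# Other Unicode bidi control characters that can also be abused to reorder displayed text.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
}


def contains_rlo(data: bytes) -> bool:
    """Byte-level check over raw content, equivalent to a YARA hex string { E2 80 AE }."""
    return RLO_UTF8 in data


def extension(name: str) -> str:
    """Return the lower-cased extension of a filename, or '' if it has none."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def rendered_name(name: str) -> str:
    """Approximate what a bidi-aware GUI paints: control characters are invisible, and
    everything after the first RLO is drawn right-to-left, i.e. reversed on screen.
    (Simplification: only the first RLO is honoured; nested controls are just stripped.)"""
    if RLO not in name:
        return "".join(c for c in name if c not in BIDI_CONTROLS)
    before, after = name.split(RLO, 1)
    after = "".join(c for c in after if c not in BIDI_CONTROLS)
    return before + after[::-1]


def analyze(raw: str) -> dict:
    """Decode a (possibly URL-encoded) filename and compare real vs displayed extension."""
    actual = unquote(raw)                      # '%E2%80%AE' -> '\u202e'
    shown = rendered_name(actual)
    has_bidi = any(c in BIDI_CONTROLS for c in actual)
    actual_ext, displayed_ext = extension(actual), extension(shown)
    return {
        "actual": actual,
        "rendered": shown,
        "actual_ext": actual_ext,
        "displayed_ext": displayed_ext,
        "has_bidi_control": has_bidi,
        # A bidi control is only suspicious here when it changes what the user sees.
        "suspicious": has_bidi and actual_ext != displayed_ext,
    }


if __name__ == "__main__":
    # Constructed sample names: one spoofed (looks like a .pdf, runs as .exe), one benign.
    for raw in ("invoice%E2%80%AEfdp.exe", "report.pdf"):
        info = analyze(raw)
        print(f"{info['rendered']!r:25} real ext={info['actual_ext']:4} "
              f"shown ext={info['displayed_ext']:4} suspicious={info['suspicious']}")
    print("raw bytes contain RLO:", contains_rlo("invoice\u202efdp.exe".encode("utf-8")))
```

Run it directly to see the spoofed name render as `invoiceexe.pdf` while its real extension is `exe`. On a defender's side the same comparison can be applied to attachment names, download URLs, or archive listings: the presence of U+202E alone is a weak signal, but a bidi control that flips the visible extension is worth an alert.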
#100DaysOfYara #R7_Labs
Here is a YARA rule to hunt for a new #AtlantidaStealer
github.com/rapid7/Rapid7-…
Check out the analysis rapid7.com/blog/post/2024…
Opened the AV-TEST GmbH Security Summit 2024 earlier today and just finished my talk about YARA. Spoiler: You still need EPP/EDR 😁
#100daysofyara #cybersecurity #endpointprotection
#100DaysofYARA
Final post on the challenge for this year, just wanted to share the awesome swag that I received today courtesy of Greg Lesnewich
It was an absolute pleasure participating alongside others 🐧
Catch you all next year, until then, stay frosty...
#100DaysOfYara Day 16:
Today I wrote a rule for the PyArmor python obfuscator. A simple rule checking for common strings used by the obfuscator's runtime. Also contributing this to #UnprotectProject
github.com/cod3nym/detect…
We at AV-TEST GmbH test IT security. So I wanted to join #100DaysOfYARA and see how well YARA rules perform compared to the EPP products we test regularly. I used the different rule sets from the YARA Forge project provided by Florian Roth
Read the thread for all details!
I stopped the #100daysofYara 🙈 because I got swamped with other work & life but during my stint with the challenge, I released YaraToolkit and DocYara (which, let's just say, took me quite some time to create). 🤓
🛠️YaraToolkit is your all-in-one Yara go-to spot 🌟—from…
#100DaysOfYara
I have lost count of how many days have passed but here is the Yara rule for #NarniaRAT from the #BotnetFenix campaign
Rule: github.com/RussianPanda95…
#100DaysofYARA
I think this challenge was a huge success...
Kudos to Greg Lesnewich for creating such an awesome initiative, Thomas Roccia 🤘 for building YARA toolkit which was super handy, Steve YARA Synapse Miller for the motivation 🐧
I also wrote a Blog on it ⬇️
rustynoob-619.github.io/100-Days-of-YA…
Captain's log - Day 11 of #100DaysOfYara I stumbled upon a fork of Mirai called Hailbot that seems to be targeting Huawei hardware in hopes of building a botnet with the aim of providing a Denial of Service as ...a Service(???lol).
How am I so sure it's Hailbot? well first the YARA…
#100daysofYARA I use a similar technique to this querying logs remotely as the rule can then return the whole line for context instead of just the string hit.
Here is an example looking for a line hit adding in anchors at beginning and end targeting access logs.
Pretty much…
wrote a lil helper binja script to clean up the __cstring section of a macho file!
its not always perfect but it generally makes the rev experience nicer (esp for those grinding #100DaysOfYara 🫡)
gist.github.com/ald3ns/bc3bcc6…