Blog

Filter: files - Clear Filter

YARA Rules to Detect Uncommon System File Sizes

by Florian Roth | Dec 22, 2015

YARA is an awesome tool especially for incident responders and forensic investigators. In my scanners I use YARA for anomaly detection on files. I already created some articles on "Detecting System File Anomalies with YARA" which focus on the expected contents of...

How to Scan for System File Manipulations with Yara (Part 2/2)

by Florian Roth | Aug 28, 2014

As a follow up on my first article about inverse matching yara rules I would like to add a tutorial on how to scan for system file manipulations using Yara and Powershell. The idea of inverse matching is that we do not scan for something malicious that we already know...

GDPR Cookie Consent with Real Cookie Banner