It has been a while since I wrote „How to Write Simple but Sound Yara Rules – Part 2„. Since then I changed my rule creation method to generate more versatile rules that can also be used for in-memory detection. Furthermore new features were added to yarGen and yarAnalyzer. Binarly The most important feature of […]
Tag Archives: rules
YARA Rules to Detect Uncommon System File Sizes
YARA is an awesome tool especially for incident responders and forensic investigators. In my scanners I use YARA for anomaly detection on files. I already created some articles on „Detecting System File Anomalies with YARA“ which focus on the expected contents of system files but today I would like to focus on the size of […]
How to Write Simple but Sound Yara Rules – Part 2
Months ago I wrote a blog article on „How to write simple but sound Yara rules„. Since then the mentioned techniques and tools have improved. I’d like to give you a brief update on certain Yara features that I frequently use and tools that I use to generate and test my rules. (mehr …)
How to Write Simple but Sound Yara Rules
During the last 2 years I wrote approximately 2000 Yara rules based on samples found during our incident response investigations. A lot of security professionals noticed that Yara provides an easy and effective way to write custom rules based on strings or byte sequences found in their samples and allows them as end user to […]
Request a THOR Trial
White Papers
 |
APT Scanner THOR White Paper (DE) (PDF 1 MB) |
|
APT Scanner THOR White Paper (EN) (PDF 1 MB) |
|
APT Scanner THOR Slides (EN) (PDF 1.3 MB) |
|
THOR Cheat Sheet (PDF 0.07 MB) |
|
Splunk Übersicht (PDF 0.4 MB) |
|
Flyer der Hackerabwehr Schulung (PDF 0,5 MB) |
