von Florian Roth | Apr 15, 2016 | Tool, Tutorial, YARA
It has been a while since I wrote „How to Write Simple but Sound Yara Rules – Part 2“. Since then I changed my rule creation method to generate more versatile rules that can also be used for in-memory detection. Furthermore new features were added to...
von Florian Roth | Dez 22, 2015 | LOKI, Security Monitoring, THOR, Tool, Tutorial, YARA
YARA is an awesome tool especially for incident responders and forensic investigators. In my scanners I use YARA for anomaly detection on files. I already created some articles on „Detecting System File Anomalies with YARA“ which focus on the expected...
von Florian Roth | Okt 17, 2015 | Tool, Tutorial, YARA
Months ago I wrote a blog article on „How to write simple but sound Yara rules“. Since then the mentioned techniques and tools have improved. I’d like to give you a brief update on certain Yara features that I frequently use and tools that I use to...
von Florian Roth | Feb 16, 2015 | LOKI, THOR, Tool, Tutorial, YARA
During the last 2 years I wrote approximately 2000 Yara rules based on samples found during our incident response investigations. A lot of security professionals noticed that Yara provides an easy and effective way to write custom rules based on strings or byte...
