von Florian Roth | Apr 15, 2016 | Tool, Tutorial, YARA
It has been a while since I wrote „How to Write Simple but Sound Yara Rules – Part 2“. Since then I changed my rule creation method to generate more versatile rules that can also be used for in-memory detection. Furthermore new features were added to...
von Florian Roth | Dez 22, 2015 | LOKI, Security Monitoring, THOR, Tool, Tutorial, YARA
YARA is an awesome tool especially for incident responders and forensic investigators. In my scanners I use YARA for anomaly detection on files. I already created some articles on „Detecting System File Anomalies with YARA“ which focus on the expected...
von Florian Roth | Okt 17, 2015 | Tool, Tutorial, YARA
Months ago I wrote a blog article on „How to write simple but sound Yara rules“. Since then the mentioned techniques and tools have improved. I’d like to give you a brief update on certain Yara features that I frequently use and tools that I use to...
von Florian Roth | Feb 16, 2015 | LOKI, THOR, Tool, Tutorial, YARA
During the last 2 years I wrote approximately 2000 Yara rules based on samples found during our incident response investigations. A lot of security professionals noticed that Yara provides an easy and effective way to write custom rules based on strings or byte...
von Florian Roth | Aug 28, 2014 | APT, Command Line, Tool, Tutorial, YARA
As a follow up on my first article about inverse matching yara rules I would like to add a tutorial on how to scan for system file manipulations using Yara and Powershell. The idea of inverse matching is that we do not scan for something malicious that we already know...
