Data

Tools

Indexes

Applications

Experiments

Open Source Science

https://github.com/byt3n33dl3/offensiveyara

𝗬𝗔𝗥𝗔 for offensive, YARA can do that!?

https://github.com/byt3n33dl3/offensiveyara

Science Score: 13.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (7.7%) to scientific vocabulary
Last synced: 10 months ago · JSON representation

Repository

𝗬𝗔𝗥𝗔 for offensive, YARA can do that!?

Basic Info
Statistics
  • Stars: 11
  • Watchers: 1
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Created over 2 years ago · Last pushed almost 2 years ago
Metadata Files
Readme License

README.md

Weaponizing YARA

As we all know YARA ( language ) is a big thing in cyber security industry, it could be used as a tool for both side of the team. In here maybe a ( project ) from an attackers perspective:

  • Quality Assurance: Malware developers can use YARA to ensure their creations are not inadvertently detected by publicly available rules before deployment.
  • Code Reuse Identification: Identifying reused code snippets from known malware to leverage existing techniques while avoiding detection.

from a deffensive role perspective: We develop rules for new threats, and after their quality has been proven through testing in our cloud and other environments. These rules have been written by our threat analysts, for threat hunters, incident responders, security analysts, and other defenders that could benefit from deploying high-quality threat detection YARA rules in their environment.

Our detection rules, as opposed to hunting rules, need to satisfy certain criteria to be eligible for deployment, namely: * be as precise as possible, without losing detection quality * aim to provide zero false-positive detections

In order for the rules to be easy to understand and maintain, we adopted the following set of goals:

  • clearly named byte patterns
  • readable and transparent conditions
  • match unique malware functionality
  • prefer code byte patterns over strings

To ensure the quality of our rules, we continuously and extensively test them in our cloud, on over 10B (and rising) unique binaries. Rules are evaluated on every layer to detect threats within layered objects, such as packed PE files, documents, and archives, among other things.

Prerequisites

To successfully run the entire YARA rule set, you must have: * YARA version :: 3.2.0 * PE and ELF modules enabled

contributors of this OffensiveYARA:

Originally

Owner

  • Name: Sulaiman
  • Login: byt3n33dl3
  • Kind: user
  • Location: Error 403: Not on earth

I N F R A X 8 6

GitHub Events

Total
  • Watch event: 2
Last Year
  • Watch event: 2

Issues and Pull Requests

Last synced: about 1 year ago

All Time
  • Total issues: 0
  • Total pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Total issue authors: 0
  • Total pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
View more stats
Top Authors
Issue Authors
Pull Request Authors
Top Labels
Issue Labels
Pull Request Labels