Quote

"Those who are willing to pay a penny of security for a penny of usability will eventually have neither"

10 February 2017

Yara


If you happen to be starting to learn the techniques and procedures of malware analysis (just like me), you may find the following resources useful:

The basic stuff:

The Yara documentation:
http://yara.readthedocs.io/en/stable/

A gentle introduction to the subject:
http://www.slideshare.net/JohnLaycock1/yet-another-yara-allocution-yaya

Let's see how to do it (video):
https://www.reddit.com/r/ReverseEngineering/comments/5a7amr/malware_analysis_malware_hunting_and/

You'll also need:

List of signatures:
https://en.wikipedia.org/wiki/List_of_file_signatures

A hex editor of your choice:
https://x-ways.net/winhex/
https://mh-nexus.de/en/hxd/

Some performance guidelines:
https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7
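To tie the three items above together, here is an added example (my own code, not from the original post or from the YARA project) that does in plain Python what a YARA rule does with its `uint16(0)` / `uint32(0)` conditions: it identifies a file by the magic bytes from the signature list, renders the header the way a hex editor would show it, and applies the cheap header check recommended in the performance guidelines before anything expensive runs. The `is_pe` function mirrors the common YARA condition `uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550`. The signature table is a small subset of the Wikipedia list; the sample files are constructed byte strings, not real malware, and the file names are made up.

```python
"""Magic-byte identification, hex view and a cheap PE header check.

Added example (not part of the original post). Signatures are taken from the
well-known values on the linked Wikipedia list; all "files" below are
constructed byte strings, not real samples.
"""
import struct

# (offset, magic bytes, label) -- a small subset of the Wikipedia signature list.
SIGNATURES = [
    (0, b"MZ", "PE/DOS executable"),
    (0, b"\x7fELF", "ELF executable"),
    (0, b"%PDF-", "PDF document"),
    (0, b"PK\x03\x04", "ZIP archive (also DOCX/JAR/APK)"),
    (0, b"\x89PNG\r\n\x1a\n", "PNG image"),
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (legacy Office)"),
    (0, b"\x1f\x8b", "gzip"),
    (0, b"Rar!\x1a\x07", "RAR archive"),
]


def identify(data: bytes):
    """Return the label of the first signature whose bytes appear at its offset,
    or None if nothing matches. This is the same test as a YARA condition like
    uint32(0) == 0x464C457F, just written against the raw bytes."""
    for offset, magic, label in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    return None


def is_pe(data: bytes) -> bool:
    """Cheap header check equivalent to the YARA idiom
        uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550
    i.e. 'MZ' at offset 0 and 'PE\\0\\0' at the offset stored in e_lfanew.
    Running this before string scanning is the kind of early exit the
    performance guidelines recommend."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 > len(data):          # pointer outside the file: truncated or bogus
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def hexdump(data: bytes, width: int = 16) -> list:
    """Render bytes as a hex editor shows them: offset, hex column, printable ASCII."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asciipart = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3 - 1}}  {asciipart}")
    return lines


def build_fake_pe() -> bytes:
    """Constructed minimal PE-like header: 64-byte DOS header whose e_lfanew
    (offset 0x3C) points at a 'PE\\0\\0' signature at offset 0x40."""
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


# Constructed sample "files"; names are invented, extensions deliberately lie in one case.
SAMPLES = {
    "setup.exe": build_fake_pe(),
    "invoice.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj",
    "tool.elf": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
    "renamed.exe": b"PK\x03\x04\x14\x00",   # really a ZIP container
    "random.bin": b"\x00\x01\x02\x03",
}


def scan_all(samples: dict) -> dict:
    """Classify every sample by magic bytes; report whether PE files pass the full check."""
    report = {}
    for name, data in samples.items():
        label = identify(data)
        if label == "PE/DOS executable":
            label += " (valid PE header)" if is_pe(data) else " (MZ only, no PE header)"
        report[name] = label
    return report


if __name__ == "__main__":
    for name, label in scan_all(SAMPLES).items():
        print(f"{name:14} -> {label}")
    print()
    for line in hexdump(SAMPLES["setup.exe"][:32]):
        print(line)
```

Note that `renamed.exe` is classified by its bytes, not its extension, which is exactly why the signature list and a hex editor matter when triaging a sample: the name is attacker-controlled, the header is not.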


Which platform?:

You can install it on Windows, as explained in the documentation above.

But you may also choose a Linux distro specifically designed for malware analysis, like REMnux, which includes yara (and many other tools) by default:
https://remnux.org/docs/distro/get/

REMnux can also be installed alongside SIFT Workstation on the same system:
https://digital-forensics.sans.org/blog/2015/06/13/how-to-install-sift-workstation-and-remnux-on-the-same-forensics-system

You can always use Yara online:
https://analysis.yararules.com/



{Enjoy it!}




