Search this Blog
Showing posts with label yara rules. Show all posts
Showing posts with label yara rules. Show all posts

Monday, December 4, 2023

Fara: Faux YARA

FARA, or Faux YARA, is a simple repository that contains a set of purposefully erroneous Yara rules. It is meant as a training vehicle for new security analysts, those that are new to Yara and even Yara veterans that want to keep their rule writing (and debugging) sharp.


Example "faux" rule


Find it over on Github:

https://github.com/bartblaze/FARA 


Posted by at No comments:
Labels: , , ,

Saturday, December 10, 2022

Yara rules collection

Quite a while ago, I've published some of my private Yara rules online, on Github.

They can be found here:

https://github.com/bartblaze/Yara-rules

There's two workflows running on that Github repository:

  • YARA-CI: runs automatically to detect signature errors, as well as false positives and negatives.
  • Package Yara rules: allows download of a complete rules file (all Yara rules from this repo in one file) for convenience from the Actions tab > Artifacts (see image below).

image

The Yara rules are divided into:

  • APT
  • Crimeware
  • Generic
  • Hacktools
  • Ransomware

Furthermore, the rules can work natively with AssemblyLine due to the CCCS Yara rule standard adoption.

PR's are welcome where you see fit. 

Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)