HackDig : Dig high-quality web security articles for hacker

mkYARA – Writing YARA rules for the lazy analyst

Writing YARA rules based on executable code within malware can be a tedious task. An analyst cannot simply copy and paste raw executable code into a YARA rule, because this code contains variable values, such as memory addresses and offsets. The analyst has to disassemble the code and wildcard all the pieces in the code that can change between samples. mkYAR
Publish At:2019-09-19 23:30 | Read:331 | Comments:0 | Tags:Threat Intelligence Uncategorized reverse-engineering YARA
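The point of the mkYARA entry above is the wildcarding step: opcodes stay, but relative call targets, pushed constants and absolute data addresses change from build to build and must become `??` in the rule. The following is an added example, not mkYARA's own code; it carries a deliberately tiny 32-bit x86 length decoder for a handful of common opcodes (an assumed subset, a real tool drives a full disassembler such as Capstone), renders the YARA hex string, and checks it against a second constructed sample that a raw byte copy would miss:

```python
"""Turn a code fragment into a YARA hex string with the variable bytes wildcarded.

Added example, not mkYARA's own code. The opcode tables below are an assumed
subset chosen for the demo; a real tool uses a full disassembler.
"""
import re

# Opcode -> number of trailing bytes that change between samples:
# rel32 branch targets, imm32 constants and 32-bit absolute addresses.
SIMPLE_OPS = {
    0x55: 0, 0x5D: 0, 0xC3: 0, 0x90: 0,   # push ebp / pop ebp / ret / nop
    0x68: 4,                               # push imm32
    0xE8: 4, 0xE9: 4,                      # call rel32 / jmp rel32
    0xA1: 4, 0xA3: 4,                      # mov eax,[moffs32] / mov [moffs32],eax
}
# Opcodes followed by a ModRM byte (reg/rm forms of mov, xor, cmp, test, add, sub).
MODRM_OPS = {0x8B, 0x89, 0x33, 0x3B, 0x85, 0x03, 0x2B}


def _modrm_lengths(code, i):
    """Return (fixed_len, disp_len) for the ModRM (plus optional SIB) at code[i]."""
    modrm = code[i]
    mod, rm = modrm >> 6, modrm & 7
    fixed, disp = 1, 0
    if mod != 3 and rm == 4:                    # SIB byte follows the ModRM
        fixed += 1
        if mod == 0 and (code[i + 1] & 7) == 5:  # no base register: disp32
            disp = 4
    if mod == 0 and rm == 5:                    # [disp32] absolute address
        disp = 4
    elif mod == 1:                              # [reg + disp8]
        disp = 1
    elif mod == 2:                              # [reg + disp32]
        disp = 4
    return fixed, disp


def decode(code):
    """Split code into (fixed_bytes, variable_len) pairs, one per instruction."""
    insns, i = [], 0
    while i < len(code):
        op = code[i]
        if op in SIMPLE_OPS:
            fixed, var = 1, SIMPLE_OPS[op]
        elif 0xB8 <= op <= 0xBF:                # mov r32, imm32
            fixed, var = 1, 4
        elif op in MODRM_OPS:
            f, var = _modrm_lengths(code, i + 1)
            fixed = 1 + f
        else:
            raise ValueError(f"unsupported opcode {op:#04x} at offset {i}")
        insns.append((code[i:i + fixed], var))
        i += fixed + var
    return insns


def raw_hex(code):
    """What a copy-paste of the bytes would look like: no wildcards at all."""
    return " ".join(f"{b:02X}" for b in code)


def yara_hex(code):
    """YARA hex string with '??' over every byte that may differ between samples."""
    parts = []
    for fixed, var in decode(code):
        parts.extend(f"{b:02X}" for b in fixed)
        parts.extend(["??"] * var)
    return " ".join(parts)


def make_rule(name, code):
    """Wrap the hex string in a minimal YARA rule."""
    return (f"rule {name}\n{{\n    strings:\n        $code = {{ {yara_hex(code)} }}\n"
            f"    condition:\n        $code\n}}\n")


def hex_string_matches(pattern, data):
    """Evaluate a YARA-style hex string against raw bytes (wildcard -> any byte)."""
    regex = b"".join(b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
                     for tok in pattern.split())
    return re.search(regex, data, re.DOTALL) is not None


# Constructed samples: the same prologue/call sequence as it might appear in two
# builds, with a different pushed constant, call target and global address.
SAMPLE_A = bytes.fromhex("55 8B EC 8B 45 08 68 78 56 34 12 E8 00 00 00 00 A1 10 20 40 00 5D C3")
SAMPLE_B = bytes.fromhex("55 8B EC 8B 45 08 68 EF BE AD DE E8 A0 FF FF FF A1 30 40 50 00 5D C3")

if __name__ == "__main__":
    print(make_rule("wildcarded_prologue", SAMPLE_A))
    print("raw bytes of A match B:", hex_string_matches(raw_hex(SAMPLE_A), SAMPLE_B))
    print("wildcarded A matches B:", hex_string_matches(yara_hex(SAMPLE_A), SAMPLE_B))
```

The decoder keeps the ModRM and SIB bytes (they encode which registers are used, which is part of the code's shape) and wildcards only displacements and immediates; whether a disp8 stack offset should also be masked is a judgement call that depends on how much the compiler's frame layout varies across the samples you are covering.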

[SANS ISC] Stop relying on file extensions

I published the following diary on isc.sans.org: “Stop relying on file extensions“. Yesterday, I found an interesting file in my spam trap. It was called ‘16509878451.XLAM’. To be honest, I was not aware of this extension and I found this on the web: “A file with the XLAM file extension is an Excel Macro-Enabled Add-In file that’
Publish At:2017-10-24 21:20 | Read:4236 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC YARA
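The diary's advice is to classify attachments by their bytes rather than by a suffix the sender chose. An .XLAM, like every Office Open XML document, is a ZIP container, and what makes it "macro-enabled" is an embedded vbaProject.bin. The following is an added example (not the diary's code): it sniffs the leading magic bytes, opens OOXML containers to see which application owns them and whether a VBA project is present, and reports the claimed extension next to what the content actually is. The magic table and the sample builder are constructed for the demo:

```python
"""Classify a file by its bytes, not its extension.

Added example, not from the ISC diary. The MAGICS table is a small constructed
subset; the OOXML check looks for [Content_Types].xml and a vbaProject.bin member.
"""
import io
import zipfile

MAGICS = [
    (b"PK\x03\x04", "zip"),                            # also OOXML, JAR, APK
    (b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1", "ole2"),     # legacy .doc/.xls/.ppt
    (b"MZ", "pe"),
    (b"%PDF-", "pdf"),
    (b"\x7fELF", "elf"),
]
MAX_MEMBERS = 10000   # refuse absurd archives before walking their directory


def sniff(data):
    """Return the container kind implied by the leading bytes."""
    for magic, kind in MAGICS:
        if data.startswith(magic):
            return kind
    return "unknown"


def ooxml_info(data):
    """For an OOXML zip return (app, has_vba); None if it is some other zip."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return None
    names = zf.namelist()
    if len(names) > MAX_MEMBERS or "[Content_Types].xml" not in names:
        return None
    app = "unknown"
    for n in names:
        top = n.split("/", 1)[0]
        if top in ("word", "xl", "ppt"):
            app = top
            break
    has_vba = any(n.endswith("vbaProject.bin") for n in names)
    return app, has_vba


def classify(filename, data):
    """Report what the name claims next to what the bytes say."""
    claimed = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    macros = False
    if kind == "zip":
        info = ooxml_info(data)
        if info is not None:
            app, macros = info
            kind = f"ooxml-{app}"
    return {"claimed": claimed, "actual": kind, "macros": macros}


def build_sample(app, with_vba):
    """Constructed OOXML container: just enough members to look like one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr(f"{app}/document.xml", "<x/>")
        if with_vba:
            zf.writestr(f"{app}/vbaProject.bin", b"\xD0\xCF\x11\xE0 fake")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample("xl", True)
    print(classify("16509878451.XLAM", sample))   # name and content agree
    print(classify("statement.txt", sample))      # same bytes, misleading name
```

Note that the extension is only ever reported, never consulted: a macro-enabled workbook renamed to .txt or .dat produces the same verdict, which is the whole point. The vbaProject.bin member found this way is the natural input for olevba or for YARA rules written against the VBA stream.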

Signature-Based Detection With YARA

In a previous post, I talked about how you can use STIX, TAXII and CybOX to share threat intelligence. Putting cyberthreat information to good use requires that the information be actionable, or at least usable: the shared information has to be accurate, complete and relevant for your environment. CybOX provides a common structure
Publish At:2015-06-24 12:25 | Read:4943 | Comments:0 | Tags:Infrastructure Protection Malware Network & Endpoint Securit

ITsecurity Daily Briefing: 08/18/2014

The ITsecurity daily security briefing: Monday August 18, 2014. Sections: News, Papers/Reports, Web, Things, Events, M&A, Alerts.
News: Hillary Clinton’s phone ‘hacked by German intelligence’. “Hillary Clinton’s phone was hacked during her t
Publish At:2014-08-19 04:10 | Read:11250 | Comments:0 | Tags:News account takeover Bitcoin Blackphone Browlock BSOD Clint

New release YARA 3.0

This week a new version of YARA has been released. YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of string
Publish At:2014-08-17 21:00 | Read:3846 | Comments:0 | Tags:Malwares Malware Analyses Malware Research YARA

