Daniel Stinson-Diess shellcromancer
💻
usualsuspect
/ zip_ext.yara
Last active
December 24, 2022 04:57
YARA rule to match zips containing specific file extensions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule zip_with_ext | |
| { | |
| meta: | |
| author = "@jaydinbas" | |
| description = "Only match zip files containing desired file extensions" | |
| strings: | |
| $file_sig = "PK\x03\x04" //zip header sig | |
| $entry_sig = "PK\x01\x02" //ZIPDIRENTRY sig |
g-les
/ 100_days_of_yara.yar
Last active
September 26, 2022 01:01
100 Days of YARA to be updated with rules & ideas as the year progresses
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Goals for #100DaysofYARA: | |
| better understanding of bitwise operators | |
| use math module beyond general entropy of a section / resource | |
| position specific things beyond what PE module tells us | |
| do some funky stuff with hashing | |
| */ |