Amaru is an open-source #antivirus for Windows 11 with real-time scanning, #Yara and radare2 integration, written in #Rust. https://github.com/CripterHack/Amaru
#YARA is a beautiful 8-year-old tortoiseshell cat who has spent practically her whole life in a shelter. She never managed to adapt to the cattery, and a paid foster home in a private house had to be found for her. She needs a family that will love and care for her forever.
#Sevilla
contacto@megacan.org
https://shorturl.at/3L09d
If you missed it last week, you can check emissions accounting tricks by #Basf #ArcelorMittal #Yara #E.ON et al and other
EU Clean Industrial Deal in ac...
#BlueHydrogen is fossil-based, with CO2 captured w/ #CCS
Research shows that #blueH2 total ghg footprint can be 20% or even 50% worse 4 the planet than burning gas directly.
Fossil fuel lobbyists have for years lobbied to label #blueH2 as low carbon or clean.
MalChela Updates: New Features and Enhancements
It’s been just over a week since MalChela was initially released and already there have been a number of updates.
mStrings
In the previous post, I walked through the new mStrings function. I think this is one of my favorites so far. It extracts strings from a file and uses Sigma rules defined in YAML against the strings to evaluate threats and align results to the MITRE ATT&CK framework.
For fun I pointed it at an old WannaCry sample. I had a proud papa moment at the positive network IOC detection.
Check for Updates
Next came a function to automatically check the GitHub repo for updates and encourage a git pull to grab the latest… because apparently I can’t stop myself and this project will just keep growing, as my sleep keeps dwindling. Personally I found it ironic that you have to update in order to get the update telling you that updates are available… but it will work for all future updates as they come. So go ahead and update why don’t you.
[Screenshot: MalChela indicating an update is available via git.]
New File Analyzer module
Most recently a File Analyzer module has been added. Give it the path to your suspect file and it will return:
Lastly, you’re given the option of whether or not you want to run strings on the file, or return to the main menu.
I really like the idea of using this as a possible first step in static analysis. Run this first and opt for strings. Things look interesting there, throw it into mStrings. Positive match on VirusTotal – use the malware hash lookup and get a more detailed analysis. Use the results from mStrings to craft a YARA rule and add it to your repo for future detections.
mStrings: A Practical Approach to Malware String Analysis
String analysis is a cornerstone of malware investigation, revealing embedded commands, URLs, and other artifacts that can expose a threat’s intent. mStrings, a Rust-based tool, simplifies this process by scanning files, extracting meaningful strings, and structuring results for efficient analysis.
At its core, mStrings is more than a simple string extraction tool. It integrates regex-based detection rules to identify key indicators, offering a refined approach to analyzing malware artifacts. In addition to console output it also presents data in a structured JSON format, allowing for seamless integration into other security workflows.
[Screenshot from mStrings.]
In addition to specialized string searching, mStrings detections associate results with MITRE ATT&CK. When malware indicators map to known MITRE ATT&CK techniques, analysts can quickly understand the intent and behavior of a threat. Instead of just seeing a suspicious string, they can recognize that it corresponds to credential dumping, command-and-control, or privilege escalation, enabling faster triage and response.
Optimized for Practical Investigation
Security professionals often need to cross-reference findings in a hex editor. mStrings accounts for this by capturing detailed string locations in hex, allowing for immediate context when reviewing suspicious files. This level of granularity is particularly valuable when analyzing packed or obfuscated malware, where offsets can provide crucial insights.
[Screenshot: mStrings showing the hex location of an identified string.]
After the scan, reviewing the complete strings dump is just as easy with an option to open the results directly in VS Code.
[Screenshot: mStrings prompt to review saved strings.]
Technology That Powers It
Built in Rust, mStrings leverages its robust ecosystem to enhance performance and reliability. Sigma-based detection rules allow for flexible and easily modifiable patterns, giving analysts control over what indicators to track. The tool’s structured approach ensures that results are not just extracted but meaningfully categorized for deeper analysis.
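To make the mechanics described above concrete (printable-string extraction with hex offsets, regex detection rules tagged with MITRE ATT&CK technique IDs, and JSON output), here is an added example written for this post; it is not MalChela's or mStrings' own code, and its rules are constructed plain-regex stand-ins for the Sigma YAML rules the tool actually uses.

```python
import json
import re

# Constructed detection rules (not mStrings' Sigma rules): regex -> ATT&CK technique ID.
RULES = [
    {"name": "http_url", "regex": r"https?://[\w.\-/:%?=&]+",
     "attack": "T1071.001", "desc": "Web protocol URL (possible C2 or payload host)"},
    {"name": "powershell_encoded", "regex": r"(?i)\bpowershell(\.exe)?\b.*\s-e(nc)?\s",
     "attack": "T1059.001", "desc": "PowerShell launched with an encoded command"},
    {"name": "run_key", "regex": r"(?i)CurrentVersion\\Run",
     "attack": "T1547.001", "desc": "Registry Run key persistence"},
    {"name": "schtasks_create", "regex": r"(?i)\bschtasks(\.exe)?\s+/create",
     "attack": "T1053.005", "desc": "Scheduled task creation"},
]


def extract_strings(data: bytes, min_len: int = 4):
    """Return (offset, string) pairs for runs of printable ASCII of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group().decode("ascii")) for m in re.finditer(pattern, data)]


def scan(data: bytes):
    """Match every extracted string against RULES; each hit carries its hex file offset."""
    hits = []
    for offset, s in extract_strings(data):
        for rule in RULES:
            if re.search(rule["regex"], s):
                hits.append({"offset": f"0x{offset:08x}", "string": s,
                             "rule": rule["name"], "attack": rule["attack"],
                             "description": rule["desc"]})
    return hits


def to_json(hits):
    """Structured output for hand-off to other tooling, as mStrings does alongside console output."""
    return json.dumps({"count": len(hits), "detections": hits}, indent=2)


# Constructed sample blob standing in for a suspect file; this is not a real malware sample.
SAMPLE = (
    b"\x00\x01MZ\x90\x00" + b"\x00" * 10                       # too short / non-printable, skipped
    + b"http://example.invalid/update.bin\x00"                 # offset 0x10
    + b"\x00\x00abc\x00"                                       # 3 chars, below min_len
    + b"powershell.exe -nop -w hidden -enc SQBFAFgA\x00"       # offset 0x38
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"  # offset 0x64
    + b"schtasks /create /sc minute /tn Updater\x00"           # offset 0x92
)

if __name__ == "__main__":
    print(to_json(scan(SAMPLE)))
```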
A Tool That Grows with You
mStrings is extensible, enabling you to customize detections. Not satisfied with the existing detection rules? You can easily write your own in Sigma. Future improvements will refine regex patterns, enhance Windows compatibility, and introduce new features to improve investigative workflows. Designed with usability in mind, mStrings serves as a practical companion for analysts who need clear, structured, and insightful data extraction.
mStrings is one of many malware analysis utilities included in MalChela. Download it from GitHub and let me know what you think. If you’ve already installed MalChela, git pull will download the latest updates.
https://github.com/dwmetz/MalChela
Try this out for a workflow. Use Hash It (3) and give it the file path for a malware file. Use the hash from Hash It and check it against VirusTotal and Malware Bazaar with the Malware Hash Lookup (10). Then jump into mStrings (4), give it the same file path again, and start pulling out the interesting strings. Once you have what you think is a good number of indicators, run Strings to YARA (9) and generate a fully formatted YARA rule for use in any of your security tools.
We did it!
I'm overjoyed that with this project we were able to "prove" on a small scale what we are about on a large scale: when people join together, a great deal becomes possible. Thanks to #Sandro, #Noemi, #Timothy, #Nina, #Flurin, #Eticus, #Fabio, #Jasmin, #Luc, #Mo, #Florin and #Yara for giving this idea your time ...
2/3
Any tips on organizing YARA files? After downloading a couple of popular repos I get 10+ rules all telling me a piece of malware is Mirai ;-)
Do you manually curate the rules yourself, or do you get them from better sources?
I hope you will find it useful! Have fun
And if you like this one you might like the full book: https://store.securitybreak.io/threatintel
We already covered RAG and Agents. Let's talk today about blending both of them!
Earlier this year, for the #100DaysOfYARA I built YaraToolkit, a website for all things YARA and I also created DocYara.
DocYara is a GenAI agent powered by a RAG packed with the YARA documentation and selected blog posts. DocYara can help you in the process of crafting YARA rules, refining them or optimizing them.
I'm also dropping the slides from my presentations at
@HCKSYD
and Bsides Gold Coast where I presented these tools!
And here’s a friendly reminder: #100DaysOfYARA kicks off in January. Maybe it’s time for me to update DocYara with automatic rule deployments as we already discussed!
just pushed a new release of The Yaralyzer, my unexpectedly popular tool for visually inspecting the output of #YARA scans with a lot of colors. example output below. change is small: it can now use a directory full of YARA rules files without renaming them all to end in .yara.
https://github.com/michelcrypt4d4mus/yaralyzer
someone has packaged this tool for Kali Linux though I don't know if it's in the distro yet. also available for macOS homebrew via an installer someone made for The Pdfalyzer.
Thomas Roccia at #Microsoft was also kind enough to make The Yaralyzer available via a web interface: https://x.com/fr0gger_/status/1749690000478974283
We're excited to announce the integration of static file analysis powered by YARA into Corelight’s NDR platform! This powerful integration provides security teams with:
With over 6 billion malware attacks in 2023, staying ahead of threats is crucial. Learn how Corelight + YARA boosts SOC efficiency and strengthens network security.
Catch Mark Overholser's breakdown on how Corelight's YARA rules integration empowers threat detection
#Cybersecurity #NDR #YARA #MalwareDetection #NetworkSecurity
splann
At Yara and Total, employees in danger in dilapidated plants
https://mcinformactions.net/chez-yara-et-total-des-salaries-en-danger-dans-des-usines-vetustes
#Yara #Total #engraisindustriels
Yara has not abandoned the idea of storing ammonium nitrate at its plant in Montoir-de-Bretagne, near Saint-Nazaire.
A request submitted two weeks ago by the manufacturer was blocked by the Loire-Atlantique prefecture, reports
Ouest-France Saint-Nazaire. 1/
You can now generate #yara rules within @radareorg with the yrg command of the r2yara plugin. Presented by @ipolit at #r2con2024
Last for today, but certainly not least: Ange Albertini presenting "Understanding file type identifiers"
@Ange
Warning: contains raw bytes
https://github.com/google/magika
#hacklu2024 @hack_lu #Yara
#LibMagic #TrID #Yara #Magika #PeID #Pronom #FDD #ShareMime #DiE
Latest Updates on Kunai
by Quentin Jerome
The ageing Yara and TotalEnergies plants at the port of Saint-Nazaire face serious safety problems and environmental harm.
Incidents, including one death, have revived concerns about the exposure of workers and local residents to toxic substances such as ammonia and benzene. The authorities have issued formal notices, but the shortcomings persist.
https://splann.org/enquete/pollution-saint-nazaire/yara-total-salaries-danger/