Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Yara Toolkit
Search
Thomas Roccia
December 16, 2024
Programming
0
200
Yara Toolkit
This talk was presented at Hack Sydney and Bsides Gold Coast.
Thomas Roccia
December 16, 2024
Tweet
Share
More Decks by Thomas Roccia
See All by Thomas Roccia
Generative AI Breaches: Threats, Investigations, and Response
fr0gger
0
560
The XZ Backdoor Story
fr0gger
0
4.6k
Prompt Engineering for Threat Intelligence
fr0gger
1
670
State-Sponsored Financially Motivated Attacks
fr0gger
0
720
Binary Instrumentation for Malware Analysis
fr0gger
2
1.7k
Conti Leaks: Practical walkthrough and what can we learn from it
fr0gger
0
1k
Sharing is Caring: Sharing Threat Intelligence Notebook Edition
fr0gger
0
2k
Code Graphology
fr0gger
0
850
X-Ray of Malware Evasion Techniques: Analysis, Dissection, Cure?
fr0gger
3
1.1k
Other Decks in Programming
See All in Programming
Flutter with Dart MCP: All You Need - 박제창 2025 I/O Extended Busan
itsmedreamwalker
0
140
私の後悔をAWS DMSで解決した話
hiramax
4
190
Laravel Boost 超入門
fire_arlo
2
210
FindyにおけるTakumi活用と脆弱性管理のこれから
rvirus0817
0
430
Improving my own Ruby thereafter
sisshiki1969
1
160
Tool Catalog Agent for Bedrock AgentCore Gateway
licux
4
990
Swift Updates - Learn Languages 2025
koher
2
450
オープンセミナー2025@広島「君はどこで動かすか?」アンケート結果
satoshi256kbyte
0
240
MLH State of the League: 2026 Season
theycallmeswift
0
220
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
350
Claude Codeで挑むOSSコントリビュート
eycjur
0
200
go test -json そして testing.T.Attr / Kyoto.go #63
utgwkk
3
260
Featured
See All Featured
How STYLIGHT went responsive
nonsquared
100
5.8k
A Modern Web Designer's Workflow
chriscoyier
696
190k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
Fireside Chat
paigeccino
39
3.6k
Documentation Writing (for coders)
carmenintech
74
5k
Building Flexible Design Systems
yeseniaperezcruz
328
39k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
GraphQLとの向き合い方2022年版
quramy
49
14k
A better future with KSS
kneath
239
17k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.9k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
111
20k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Transcript
YARA TOOLKIT
None
DEMO DEMO
👀
Analysis similar binaries Identify unique patterns strings, code... Build the
rule with your findings Test on a cleaned dataset Deploy to the service of choice Monitor everything
Import Module pe, elf, hash, math, cuckoo, dotnet, time Rule
Name Global rules, Private rules, Rule tags Metadata Author, Date, Description, Etc… Strings Text strings, Hexadecimal string, Regex Text Strings nocase, wide, fullword, xor(0x01-0xff), base64 Hexadecimal Wild-cards: { 00 ?2 A? }, Jump: { 3B [2-4] B4 }Alternatives: { F4 (B4 | 56) } REGEX Conditions Boolean operators, Arithmetic operators, Bitwise operators, Counting strings, Strings, offset https://blog.securitybreak.io/security-infographics-9c4d3bd891ef#18dd
memset(key, fillValue, sizeof(key)); memset(permutedArray, fillValue_1, sizeof(permutedArray)); for ( i =
0i64; i != 256; ++i ) { permutedArray[i] = i; key[i] = RC4key[(int)i % 12]; // '3jB(2bsG#@c7' } index1 = 0i64; index2 = 0; do { currentValue = permutedArray[index1]; index2 += key[index1] + currentValue; swapValue = permutedArray[index2]; permutedArray[index2] = currentValue; permutedArray[index1++] = swapValue; }
CVE-2021-1732 was a Local Privilege Escalation (LPE) exploit on Windows
10, exploited in the wild by the Bitter APT.
None
None
None
None
None
None
None
Yara Documentation, Useful resources. Knowledge Base Embedding Retriever Putting the
data in a multi dimensional vector Retrieve information from the database based on similarity RAG DocYara Help you understand how to use Yara Help you create your rule Help you refine your rule 👨⚕️ Retrieval Augmented Generation
None
None
None