Slide 6
Import Module
pe, elf, hash, math, cuckoo, dotnet, time
Rule Name
Global rules, Private rules, Rule tags
Metadata
Author, Date, Description, Etc…
Strings
Text strings, Hexadecimal string, Regex
Text Strings
nocase, wide, fullword, xor(0x01-0xff), base64
Hexadecimal
Wild-cards: { 00 ?2 A? }, Jump: { 3B [2-4] B4 }, Alternatives: { F4 (B4 | 56) }
REGEX
Conditions
Boolean operators, Arithmetic operators,
Bitwise operators, Counting strings,
Strings, offset
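The sections listed above, assembled into one rule as an added example (not taken from the slide or its source). Every rule name, string, date and threshold is a constructed placeholder rather than a real indicator; the three hexadecimal patterns are the ones shown on the slide.

```yara
import "pe"
import "math"

// Constructed example: all names, strings and thresholds are placeholders.
// Private rule: never reported on its own, only usable from other rules.
private rule Example_IsPE
{
    condition:
        uint16(0) == 0x5A4D                  // "MZ" header at offset 0
}

rule Example_Rule_Anatomy : example demo     // two rule tags after the colon
{
    meta:
        author      = "placeholder"
        date        = "2024-01-01"
        description = "Walks through each rule section from the slide"

    strings:
        // Text strings with modifiers
        $text_nocase = "example-marker" nocase fullword
        $text_wide   = "ExampleConfig" wide
        $text_xor    = "example-key" xor(0x01-0xff)
        $text_b64    = "example-payload" base64
        // Hexadecimal strings: wild-cards, jump, alternatives
        $hex_wild    = { 00 ?2 A? }
        $hex_jump    = { 3B [2-4] B4 }
        $hex_alt     = { F4 ( B4 | 56 ) }
        // Regular expression
        $re_url      = /https?:\/\/[a-z0-9.\-]{4,40}\/[a-z]{1,12}\.php/ nocase

    condition:
        Example_IsPE and                                     // reference to the private rule
        filesize < 2MB and
        pe.number_of_sections > 2 and                        // module field
        ( uint32(uint32(0x3C)) & 0xFFFF ) == 0x4550 and      // bitwise operator on the PE signature
        (
            2 of ($text_*) or                                // set of strings
            #hex_wild + #hex_jump > 3 or                     // counting strings, arithmetic
            $hex_jump at pe.entry_point or                   // string at a given offset
            ( $hex_alt and @hex_alt[1] < 0x400 ) or          // offset of the first match
            ( $re_url and math.entropy(0, filesize) >= 7.0 )
        )
}
```

The three-byte wild-card pattern from the slide is short enough that YARA may warn about slow scanning; real rules should anchor wild-cards with longer fixed byte runs.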
https://blog.securitybreak.io/security-infographics-9c4d3bd891ef#18dd