15 matches found
Unveiling RIFT: Enhancing Rust malware analysis through pattern matching
Today, Microsoft Threat Intelligence Center is excited to announce the release of RIFT, a tool designed to assist malware analysts in automating the identification of attacker-written code within Rust binaries. Known for its efficiency, type safety, and robust memory safety, Rust has increasingly...
Hfinger - Fingerprinting HTTP Requests
Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage. Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification. Unique means here that each fingerprint should be seen...
Fedora: Security Advisory for python-yara (FEDORA-2022-21cf5402fc)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description...
[SECURITY] Fedora 36 Update: yara-4.2.3-1.fc36
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...
Fedora: Security Advisory for yara (FEDORA-2021-dd62918333)
The remote host is missing an update for the ... Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 34 Update: python-yara-4.1.0-1.fc34
Python binding for the YARA pattern matching tool. YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each...
Partner Perspectives: Notes from the Field: Extending Carbon Black Visibility to Undetected Malware
Daniel LaVoie is a Senior Solutions Specialist at ReversingLabs. On a recent customer visit, I asked the company’s Director of Security Operations how ReversingLabs came to be deployed as a part of their SOC tool set. The answer was quite interesting, and one that I wanted to share with our blog...
Explained: YARA rules
YARA rules are a way of identifying malware or other files by creating rules that look for certain characteristics. YARA was originally developed by Victor Alvarez of VirusTotal and is mainly used in malware research and detection. It was developed with the idea to describe patterns that identify...
How Do You Identify Zero-Days and Fileless Malware? Download (the) RAM.
Banner Source: The ever-handy http://www.downloadmoreram.com. When a tactic becomes less and less effective, it's important to shift strategies and adapt. With malware, attackers are doing exactly that. As preventative measures such as antivirus and endpoint detection and response continue to...
[SECURITY] Fedora 24 Update: yara-3.6.3-1.fc24
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...
[SECURITY] Fedora 26 Update: yara-3.6.3-1.fc26
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...
[SECURITY] Fedora 25 Update: yara-3.5.0-7.fc25
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...
Google Buys Security Firm Zynamics
Google has acquired a small German security start-up called Zynamics, which is well-known in the security industry for its reverse-engineering and analysis tools. Zynamics announced the deal on its corporate blog on Tuesday, saying little other than that the company had been acquired by Google. T...
F-Secure Internet Gatekeeper Web Console Detection
The remote web server is the Web Console component of F-Secure Internet Gatekeeper, an enterprise-class email and web filtering gateway used to identify malware in incoming and outgoing SMTP, HTTP, FTP and POP3 traffic. (C) Tenable Network Security, Inc. include("compat.inc"); if(description...
Inside Google's Anti-Malware Operation
TORONTO–A Google malware researcher gave a rare peek inside the company’s massive anti-malware and anti-phishing efforts at the SecTor conference here, and the data that the company has gathered shows that the attackers who make it their business to infect sites and exploit users are adapting the...