Advice about YARA operators wide & ascii
Dec. 29, 2023, 11:51 a.m. | /u/Consistent-Music-471
For [Blue|Purple] Teams in Cyber Defence www.reddit.com
The rules don’t work consistently on all files, because some of the data in certain files is encoded with two bytes per character (wide).
Should I create two strings for the two cases in my future rules?
Example:
$a = "\\currentVersion\\RunOnce" wide
$b = "\\currentVersion\\RunOnce"
Condition: any of them
What is the best practice? I need advice. Thanks
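The two-string form from the post next to the single-string form that combines both modifiers, as an added example that is not part of the original post. The rule names are hypothetical, and `nocase` is an addition that the post's strings do not use.

```yara
// Added example, not from the original post. Rule names are hypothetical.

// Form used in the post: one string per encoding.
rule RunOnce_Two_Strings
{
    strings:
        // wide: each character is followed by a 0x00 byte
        // (zero-interleaved ASCII, not full UTF-16 support).
        $a = "\\currentVersion\\RunOnce" wide
        // No modifier: ascii is the default when wide is absent.
        $b = "\\currentVersion\\RunOnce"
    condition:
        any of them
}

// Single-string form: ascii and wide on the same string make YARA
// search for both encodings. The order of the modifiers does not matter.
rule RunOnce_Combined
{
    strings:
        // nocase is an assumption added here: YARA text strings are
        // case-sensitive by default, while registry key paths are not,
        // so "CurrentVersion" and "currentversion" would otherwise be missed.
        $run = "\\currentVersion\\RunOnce" ascii wide nocase
    condition:
        $run
}
```

Writing `wide` alone drops the ASCII search, so a string meant to match both encodings needs `ascii` stated explicitly next to it.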