Ghidra: YARA scanning
Oct. 21, 2023, 4:11 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
This blog post covers scanning the Ghidra virtual memory with YARA.
What is YARA
YARA is the industry standard for signature matching on malware. If you don’t know YARA: it’s a simple pattern-matching language with some features tailored for searching in binary data. Examples of such features are logical expressions for matches and the ability to match on parsed structures of some common executable formats.
rule hello_yara {
strings:
$a = "Hello"
$b = …