#YARA

2025-10-26

Still testing 🤞

For those able to use #BinaryNinja projects, #BinYars can sort the files into folders based upon the #Yara-X rule metadata field BNFolder. The folder nesting structure is determined by the number of matches that reside under each folder; check out the video below!

2025-10-25

Technical alert for SOCs & DFIR teams: RedTiger is a Python‑based infostealer now weaponized in the wild. Key behaviors: PyInstaller binaries, Discord client JS modification (discord_desktop_core index.js), token validation via /users/@me, archive upload to GoFile, webhook delivery via Discord, webcam/screenshot capture, and process/file spamming to obscure forensic traces.
Recommended triage actions:
- Hunt for modifications to discord_desktop_core or unexpected JS files.
- Monitor outbound uploads to GoFile and similar anonymous storage services.
- Alert on unusual Discord webhook creations or metadata and token validation calls to /users/@me.
- Detect mass process spawning or spamming file creation events.
- Enforce secure token storage, hardware MFA, and ephemeral credentials for services.

Discuss your detection queries and signatures — share YARA, Sigma, or hunting queries in comments (safely redacted). Follow our handles for continuous threat updates.

#RedTiger #DFIR #SOC #Hunting #Sigma #YARA #ThreatIntel #Discord #Infostealer #InfoSec #Malware
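The triage actions above, expressed as runnable hunting logic. This is an added example, not code from the original post or from any vendor: each function implements one of the listed checks over constructed Sysmon-style FileCreate/ProcessCreate records and HTTP proxy records. Field names, the process name `stub.exe`, the allowlisted Discord and browser image names, the GoFile URL and the threshold values are all assumptions chosen for illustration.

```python
"""Hunting checks for the RedTiger-style behaviours listed above.

Added example (not the post's or any vendor's code).  Telemetry is a list of
dicts with Sysmon-like fields; everything below is constructed sample data.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

T0 = datetime(2025, 10, 25, 9, 0, 0)


def ev(secs, kind, **fields):
    """Build one constructed telemetry record `secs` seconds after T0."""
    return {"ts": T0 + timedelta(seconds=secs), "type": kind, **fields}


CORE_JS = (r"C:\Users\u\AppData\Roaming\discord\0.0.309\modules"
           r"\discord_desktop_core-1\discord_desktop_core\index.js")

# Constructed sample telemetry (not real logs).  "stub.exe" stands in for an
# unknown PyInstaller-built binary; Discord.exe is the legitimate client.
EVENTS = [
    ev(0, "FileCreate", image="Discord.exe", path=CORE_JS),          # client updating itself
    ev(5, "FileCreate", image="stub.exe", path=CORE_JS),             # foreign write to index.js
    ev(6, "Http", image="Discord.exe", method="GET", url="https://discord.com/api/v9/users/@me"),
    ev(7, "Http", image="stub.exe", method="GET", url="https://discord.com/api/v9/users/@me"),
    ev(8, "Http", image="stub.exe", method="POST", url="https://store1.gofile.io/uploadFile"),
    ev(9, "Http", image="chrome.exe", method="GET", url="https://gofile.io/"),  # browsing, not uploading
]
EVENTS += [ev(10 + i * 0.1, "ProcessCreate", image="cmd.exe", parent_pid=4242) for i in range(30)]
EVENTS += [ev(60 + i, "ProcessCreate", image="notepad.exe", parent_pid=1000) for i in range(3)]

# Assumed-legitimate writers of discord_desktop_core and callers of /users/@me.
DISCORD_IMAGES = {"discord.exe", "update.exe"}
ALLOWED_API_CALLERS = DISCORD_IMAGES | {"chrome.exe", "firefox.exe", "msedge.exe"}
ANON_STORAGE_SUFFIXES = (".gofile.io", "gofile.io")   # extend with similar services


def discord_core_tampering(events):
    """JS written under discord_desktop_core by anything that is not Discord itself."""
    hits = []
    for e in events:
        if e["type"] != "FileCreate":
            continue
        path = e["path"].replace("\\", "/").lower()
        if "/discord_desktop_core/" in path and path.endswith(".js") \
                and e["image"].lower() not in DISCORD_IMAGES:
            hits.append(e)
    return hits


def token_validation_calls(events):
    """Requests to Discord's /users/@me from a process that is neither the client nor a browser."""
    out = []
    for e in events:
        if e["type"] != "Http":
            continue
        u = urlparse(e["url"])
        if u.hostname == "discord.com" and u.path.endswith("/users/@me") \
                and e["image"].lower() not in ALLOWED_API_CALLERS:
            out.append(e)
    return out


def anonymous_uploads(events):
    """POST requests to GoFile or any host suffix listed in ANON_STORAGE_SUFFIXES."""
    out = []
    for e in events:
        if e["type"] != "Http" or e["method"] != "POST":
            continue
        host = (urlparse(e["url"]).hostname or "").lower()
        if host.endswith(ANON_STORAGE_SUFFIXES):
            out.append(e)
    return out


def bursts(events, kind="ProcessCreate", key="parent_pid",
           window=timedelta(seconds=10), threshold=20):
    """Sources that emit more than `threshold` events of `kind` inside `window`.

    Sliding window over sorted timestamps grouped by `key`; covers both the
    process-spawning and the file-spamming behaviour (kind="FileCreate",
    key="image").  Returns {source: peak count}.
    """
    grouped = defaultdict(list)
    for e in events:
        if e["type"] == kind:
            grouped[e[key]].append(e["ts"])
    flagged = {}
    for src, stamps in grouped.items():
        stamps.sort()
        lo = 0
        for hi, t in enumerate(stamps):
            while t - stamps[lo] > window:
                lo += 1
            n = hi - lo + 1
            if n > threshold:
                flagged[src] = max(flagged.get(src, 0), n)
    return flagged


if __name__ == "__main__":
    print("core tampering:", [e["image"] for e in discord_core_tampering(EVENTS)])
    print("token checks:", [e["image"] for e in token_validation_calls(EVENTS)])
    print("anon uploads:", [e["url"] for e in anonymous_uploads(EVENTS)])
    print("spawn bursts:", bursts(EVENTS))
    print("file spam:", bursts(EVENTS, "FileCreate", "image"))
```

The allowlists are the part to tune per estate: the Discord updater and browsers running the web client hit `/users/@me` legitimately, so the signal is the caller, not the endpoint.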

redtiger
2025-10-24

It's getting close to being done: #BinYars, a #YARA-X #BinaryNinja plugin! Still testing, but I plan on open sourcing it for all to use.

Shout out to Remco Sprooten for making this tool (also shown in the video) for quickly drafting Yara rules 💪 github.com/1337-42/SimpleYaraBN

Video: Part 1 of 2

2025-10-23

I had the privilege to participate in the first Rulezet workshop at #hacklu2025. rulezet.org/ is still early stage but it has the potential to reshape the way #cybersecurity detection methods are shared and developed for projects such as #suricata, #yara or #sigma.
I had the feeling of witnessing a "historic" moment. The last time I had this feeling was in eBPF related discussions at the early stage of that technology.

EshaHaber (Eshahaber)
2025-10-19

Horrific accident in Denizli: 1 citizen dead, many injured: A minibus with licence plate 35 CEJ 948, whose driver could not be identified, carrying participants on a day trip, rolled over into a ditch near the Bölmekaya neighbourhood.

ONE PERSON DIED, 31 INJURED IN THE ACCIDENT

Following the report, health, fire and police teams were dispatched to the scene of the accident.

Health teams determined that 1 person had lost their life. In the accident, the driver and the 31 people in the minibus… eshahaber.com.tr/haber/denizli EshaHaber.com.tr

2025-10-18

I'm building a security tool for browser/IDE extensions (VSCode, Chrome, ...) using YARA rules (2k+ anti-malware rules) and SAST, and please scan scripts after installation. Emphasising safety for the developer community! 🔐 #ToolSecurity #Cybersecurity #ExtensionSafety #YARA #SAST #TechInnovation

reddit.com/r/SideProject/comme

Alexandre Dulaunoy (adulau@infosec.exchange)
2025-10-14

One year ago, I had a chat with the fine people @suricata during the @cert_eu conference, and they were wondering why we didn't create an open source website for all the different rules (YARA, Suricata, and many others): a place to allow comments, reviews, bundling, and integration with @misp.

We’ve just released the first beta version of the rulezet.org service! 🎉

The platform is open and publicly available and the entire back-end is fully open source.

It’s still in beta, so feedback is very welcome!

🔗 rulezet.org/

#cti #yara #threatintelligence #osint #dfir #cybersecurity #suricata

@misp
@circl

rulezet.org screenshot of a Suricata rule.
rulezet.org screenshot of a list of rules.
2025-10-08

When walking a zip file's central directory structure using #yara-x, `math.max` and `with` are your friends.
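An added example of the walk the post refers to, written in Python rather than as a rule so it runs stand-alone; it is not code from the original post. The archive is constructed here with the standard library, and the walker reads exactly the fields a YARA-X rule reads with `uint16()`/`uint32()` at the same offsets. The two spots the post hints at are marked: the EOCD record can sit up to 65535 comment bytes before the end of the file, so the scan floor is `max(0, filesize - 65557)` (`math.max` in a rule), and the per-entry stride `46 + name_len + extra_len + comment_len` is the arithmetic a `with` binding keeps readable. The entry names, comment bytes and the "suspicious name" heuristics are assumptions for illustration.

```python
"""Walk a zip central directory by fixed offsets, the way a YARA-X rule has to.

Added example (not the post's code).  Constructed archive, standard library only.
"""
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"      # 0x06054b50 little-endian
CDFH_SIG = 0x02014B50         # central directory file header
EOCD_MIN, CDFH_MIN = 22, 46   # fixed sizes before variable-length fields


def find_eocd(data: bytes) -> int:
    """Offset of the EOCD record: last signature inside the final 22 + 65535 bytes.

    The floor is max(0, filesize - 65557); this is the math.max from the post.
    A crafted comment can contain the signature too, so callers should cross-
    check the central directory bounds (done in walk_central_directory).
    """
    floor = max(0, len(data) - (EOCD_MIN + 0xFFFF))
    pos = data.rfind(EOCD_SIG, floor)
    if pos < 0 or pos + EOCD_MIN > len(data):
        raise ValueError("no end-of-central-directory record")
    return pos


def walk_central_directory(data: bytes) -> list:
    """Return one dict per central-directory header, validated by signature."""
    eocd = find_eocd(data)
    # EOCD: +10 total entries (u16), +12 CD size (u32), +16 CD offset (u32)
    count, cd_size, cd_off = struct.unpack_from("<HII", data, eocd + 10)
    if cd_off + cd_size > eocd:            # CD must lie entirely before EOCD
        raise ValueError("central directory overlaps EOCD")
    entries, pos = [], cd_off
    for _ in range(count):
        if pos + CDFH_MIN > len(data) or struct.unpack_from("<I", data, pos)[0] != CDFH_SIG:
            raise ValueError(f"bad central directory header at {pos:#x}")
        # CDFH: +10 method, +20 compressed size, +24 uncompressed size,
        #       +28/+30/+32 name/extra/comment lengths, +42 local header offset
        (method,) = struct.unpack_from("<H", data, pos + 10)
        csize, usize = struct.unpack_from("<II", data, pos + 20)
        nlen, xlen, clen = struct.unpack_from("<HHH", data, pos + 28)
        (local_off,) = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + CDFH_MIN:pos + CDFH_MIN + nlen].decode("utf-8", "replace")
        entries.append({"name": name, "method": method, "csize": csize,
                        "usize": usize, "local_off": local_off})
        # The stride a `with` binding expresses in a rule: next = cd + 46 + n + x + c
        pos += CDFH_MIN + nlen + xlen + clen
    return entries


def suspicious_names(entries) -> list:
    """Entry names a triage rule would flag (assumed heuristics): traversal,
    absolute paths, or script/executable drops."""
    bad = []
    for e in entries:
        n = e["name"]
        if ".." in n.split("/") or n.startswith(("/", "\\")) \
                or n.lower().endswith((".js", ".vbs", ".exe")):
            bad.append(n)
    return bad


def build_sample_zip(comment: bytes = b"") -> bytes:
    """Constructed archive: a benign text file, a zip-slip style entry, and an
    optional archive comment that pushes the EOCD away from filesize - 22."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", "hello")
        zf.writestr("../../evil.js", "payload")
        zf.comment = comment
    return buf.getvalue()


if __name__ == "__main__":
    blob = build_sample_zip(b"x" * 40)
    print("EOCD at", find_eocd(blob), "of", len(blob), "bytes")
    for entry in walk_central_directory(blob):
        print(entry)
    print("flagged:", suspicious_names(walk_central_directory(blob)))
```

Without the comment the EOCD is at `filesize - 22` and a rule can read `uint32(filesize - 22 + 16)` directly; with one, the rule has to search from the `math.max` floor instead, which is the case the walker above handles.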

2025-10-01

📢 FlipSwitch: a new rootkit technique bypasses syscall dispatch in Linux 6.9
📝 Source: Elastic Security Labs. Researchers present "FlipSwitch", a Linux rootkit technique capable of bypassing ...
📖 cyberveille: cyberveille.ch/posts/2025-09-3
🌐 source: elastic.co/security-labs/flips
#Linux #YARA #Cyberveille

NETRESEC - Network Forensics and Network Security Monitoring (netresec.com@web.brid.gy)
2025-09-24

📢 SentinelLabs reveals methods for hunting LLM-enabled malware via embedded API keys and prompts
📝 According to SentinelLabs (the research blog of SentinelOn...
📖 cyberveille: cyberveille.ch/posts/2025-09-2
🌐 source: sentinelone.com/labs/prompts-a
#YARA #chasse_aux_menaces #Cyberveille

2025-09-19

🔎 Malware Analysis Tools & Resources — Lab-Only Guide (Defensive) ☣️🛡️

Malware analysis is the practice of studying suspicious files and binaries to understand capabilities, indicators, and containment actions — always inside isolated, offline labs. 🧪💻 Below are trusted tools and resources analysts use to triage, unpack, and investigate malicious samples, plus learning hubs to level up your skills.

For static analysis (examining files without running them) analysts rely on tools like strings, file, ssdeep, PEStudio, Detect It Easy (DIE), Ghidra, and r2 / radare2 to inspect headers, imports, embedded strings, and binary structure. 🧩 For dynamic analysis (safe execution), sandboxes such as Cuckoo Sandbox, Any.Run, and instrumented VMs with Process Monitor, Process Explorer, Procmon, Sysmon, API monitor, plus network capture (Wireshark/tshark, tcpdump) reveal runtime behavior and network indicators. 🔬📡

Memory & forensic analysis uses Volatility / Volatility3, Rekall, and tools to capture RAM and extract artifacts. For unpacking and debugging native code, analysts use x64dbg, WinDbg, GDB, and deobfuscation helpers; for Java/.NET, tools like jadx and dnSpy help reverse engineer bytecode. 🧠⚙️

Threat intel & enrichment resources accelerate investigation: VirusTotal, Hybrid Analysis, MalwareBazaar, Malpedia, AbuseIPDB, OTX (AlienVault), and MISP provide samples, IOCs, yara rules, and community knowledge. 🗂️📊 Combine these with YARA for signature matching and Sigma for log detections. 🔎🧰

Learning resources & safety: follow vendor blogs (Microsoft Defender, Cisco Talos, CrowdStrike), training platforms (Practical Malware Analysis labs, REMnux VM, FLARE VM), and courses (SANS/GIAC tracks, online DFIR courses). Always run samples in air-gapped / host-only VMs, snapshot before/after, and capture PCAPs & memory for reproducibility. 📚🔐

#MalwareAnalysis #DFIR #ThreatHunting #Volatility #CuckooSandbox #Ghidra #VirusTotal #CyberSecurity #InfoSec #DigitalForensics #YARA

2025-09-16

This report complements @_CERT_UA’s findings and arms #SOC teams with fresh #IOCs, #YARA rules and detailed behavioural indicators. We thank our trusted partner for his time and insights into this subject.

⚯ Michel de Cryptadamus ⚯ (cryptadamist@universeodon.com)
2025-09-08

Used some #AI to jury-rig a basic API documentation site for The Yaralyzer, my unexpectedly popular tool for visualizing and forcibly decoding #YARA matches in binary data.

* GitHub: github.com/michelcrypt4d4mus/y
* PyPi: pypi.org/project/yaralyzer/
* API documentation: michelcrypt4d4mus.github.io/ya
* Can also be installed (indirectly) via homebrew if you install The #Pdfalyzer (different tool)

#ascii #asciiArt #blueteam #cybersecurity #detectionengineering #DFIR #forensics #FOSS #hacking #infosec #KaliLinux #malware #malwareDetection #malwareAnalysis #openSource #pdfalyzer #redteam #reverseEngineering #reversing #threathunting #yaralyze #yaralyzer #YARA #YARArule #YARArules

screenshot of The Yaralyzer output
2025-08-12

🛡️ New YARA project just dropped:

🔹 94 RAT/Worm builder variants
🔹 Rules for variant-level matching
🔹 Samples manually generated in isolated QEMU sandboxes
🔹 Encrypted, scoped — no VT noise
github.com/GokbakarE/RuleSetRAT
#malware #infosec #reverseengineering #yara #threathunting

mʕ•ﻌ•ʔm bitPickup (bitpickup@troet.cafe)
2025-07-31

@mina
> The photo is nothing less than spectacular!

Yes .. no .. well .. thanks.
😊

Honestly, I think today's one, of the crazy one that came out in the middle of winter, turned out even better.
(it's just a full-size crop from an extra super large resolution image)

@jesuisatire @aiquez @crossgolf_rebel @resl @sinmisterios
#bothrops #yara #uruguay #naturaleza #vivoras #serpientes #reptiles

Very sharp close-up image of the head and part of the body of a coiled Bothrops pubescens. Each scale looks like a drawing of its own.
2025-07-31

🧬 Built a public YARA corpus from 90+ legacy builder tools.

All binaries manually generated in isolated QEMU sandboxes

Variant-specific YARA rules for precision, not generic coverage

CAPA + DIE static analysis JSON included for each sample

No live samples shared — only clean metadata & signatures

🔗 github.com/GokbakarE/RuleSetRAT

For those into reverse engineering, long-tail tooling, and rule discipline.
#infosec #reverseengineering #yara #DFIR #threathunting

Les Amis de la Terre France (amisdelaterre.org@bsky.brid.gy)
2025-07-31

📣 On Tuesday morning, we took part in a press conference to announce the filing of an informal appeal (recours gracieux) against the #Yara plant in Montoir-de-Bretagne, alongside 10 local organisations. We explain 👇
