I hereby claim:
- I am tlansec on github.
- I am tlansec (https://keybase.io/tlansec) on keybase.
- I have a public key ASBn6NaQHKRGN-ymHfWx1epyZK7Q07E9UQlOXmsoZKuG-wo
To claim this, I am signing this object:
import requests | |
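# Request description kept as plain data. The call that consumes it is not
# visible in this excerpt -- presumably requests.request(**r); confirm.
# The trailing "| |" table residue from the rendered listing has been removed
# so the literal parses.
r = {
    # Host the connection (and therefore the TLS handshake) is made to.
    "url": "https://pypi.python.org",
    "method": "GET",
    "headers": {
        # Differs from the host in "url": the HTTP layer names a different
        # site than the one the connection goes to. Telemetry that records
        # both the TLS server name and the HTTP Host header lets a defender
        # spot this kind of mismatch.
        "Host": "totally-python.org",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36",
    },
    # Certificate validation stays enabled. requests checks the certificate
    # against the URL's hostname, not against the overridden Host header.
    "verify": True,
}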
I hereby claim:
To claim this, I am signing this object:
// Add as an alias like: | |
// alias entropy=yara /path/to/entropy.yar $* | |
// Usage: | |
// entropy file.bin | |
import "console" | |
import "math" | |
rule entropy |
import "math" | |
rule general_vba_high_entropy_function_names : General | |
{ | |
meta: | |
author = "threatintel@volexity.com" | |
description = "Looks for VBA files containing function names that have been randomized based on their entropy." | |
date = "2022-03-14" | |
hash1 = "c2badcdfa9b7ece00f245990bb85fb6645c05b155b77deaf2bb7a2a0aacbe49" | |
memory_suitable = 0 |
# Simple script to demo use of yara-python + externals | |
# think of all the externals you could define! | |
import os | |
import sys | |
import yara | |
example_rule = ''' | |
rule demo_externals | |
{ |
import "pe" | |
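// The condition is the literal `false`, so this rule never matches any input.
// NOTE(review): the `import "pe"` line above is not referenced by this rule;
// presumably the file exists to exercise module loading on its own - confirm.
// The trailing "| |" table residue from the rendered listing has been removed
// so the rule parses.
rule always_false
{
    condition:
        false
}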
rule general_win_runkey_casing_anomaly : General | |
{ | |
meta: | |
author = "threatintel@volexity.com" | |
description = "Looks for files containing to a reference to the HKCU run key where the reference uses unusual casing." | |
date = "2021-08-03" | |
hash1 = "c20997c72508bc7340f4ec99fe9eb4f1ccde518e81bda66e7c86632f0748bffa" | |
memory_suitable = 0 | |
strings: |