TryHackMe: [Day 21] Blue Teaming Needles In Computer Stacks

Mac Leo
2 min read · May 4, 2022


1. We changed the text in the string $a as shown in the eicaryara rule we wrote, from X5O to X50, that is, we replaced the letter O with the number 0. The condition for the Yara rule is $a and $b and $c and $d. If we are to only make a change to the first boolean operator in this condition, what boolean operator shall we replace the ‘and’ with, in order for the rule to still hit the file?

ANS: or

EXPLANATION:

After the O to 0 change, $a no longer matches the test file, so $a and $b and $c and $d is false. Replacing the first ‘and’ with ‘or’ gives $a or $b and $c and $d, which Yara evaluates as $a or ($b and $c and $d) because ‘and’ binds tighter than ‘or’; $b, $c and $d still match, so the rule still hits.

2. What option is used in the Yara command in order to list down the metadata of the rules that are a hit to a file?

ANS: -m

EXPLANATION:

Step 1: run yara --help and search for the keyword “meta” or “metadata”

3. What section contains information about the author of the Yara rule?

ANS: metadata

EXPLANATION:

Fields such as author, description and date live in the rule’s metadata section, declared with the meta: keyword in the rule body.

4. What option is used to print only rules that did not hit?

ANS: -n

EXPLANATION:

Step 1: run yara --help and search for a phrase similar to “print only rules that did not hit”

5. Change the Yara rule value for the $a string to X50. Rerun the command, but this time with the -c option. What is the result?

ANS: 0

EXPLANATION:

Step 1: change the Yara rule value for the $a string to X50 in eicaryara

Step 2: yara -c eicaryara testfile
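To see why question 1 resolves to ‘or’ and question 5 to a count of 0, here is an added Python model of the rule’s condition logic (example code written for this walkthrough, not the room’s eicaryara rule or the yara tool): it searches the constructed EICAR bytes for four assumed $a..$d substrings and evaluates the condition with Yara’s precedence (not, then and, then or), so $a or $b and $c and $d reads as $a or ($b and $c and $d).

```python
import re

# Constructed test input: the public EICAR anti-virus test pattern (harmless by design).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Assumed four-way split of that pattern; the room's eicaryara rule may split it differently.
STRINGS_ORIGINAL = {"$a": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}", "$b": b"$EICAR-STANDARD-",
                    "$c": b"ANTIVIRUS-TEST-FILE!", "$d": b"$H+H*"}
# The same strings after the O -> 0 edit from questions 1 and 5: $a can no longer match.
STRINGS_X50 = {**STRINGS_ORIGINAL, "$a": STRINGS_ORIGINAL["$a"].replace(b"X5O", b"X50")}
CONDITION_AND = "$a and $b and $c and $d"
CONDITION_OR = "$a or $b and $c and $d"  # YARA precedence makes this: $a or ($b and $c and $d)

def evaluate(condition, hits):
    """YARA-style condition over {"$name": matched?}; precedence not > and > or, parentheses override."""
    toks = re.findall(r"\$\w+|\(|\)|\b(?:and|or|not)\b", condition)
    pos = 0
    def expr():  # expr := term ('or' term)*
        nonlocal pos
        value = term()
        while pos < len(toks) and toks[pos] == "or":
            pos += 1
            value = term() or value
        return value
    def term():  # term := factor ('and' factor)*
        nonlocal pos
        value = factor()
        while pos < len(toks) and toks[pos] == "and":
            pos += 1
            value = factor() and value
        return value
    def factor():  # factor := 'not' factor | '(' expr ')' | $identifier
        nonlocal pos
        tok, pos = toks[pos], pos + 1
        if tok == "not":
            return not factor()
        if tok == "(":
            value = expr()
            pos += 1  # consume the closing ')'
            return value
        return hits[tok]
    return expr()

def scan(strings, condition, data):
    """Return (rule_hit, {"$name": matched?}) for one rule run against data."""
    hits = {name: pattern in data for name, pattern in strings.items()}
    return evaluate(condition, hits), hits

if __name__ == "__main__":  # hit/miss for both rule versions under the 'and' and 'or' conditions
    for label, strings in (("original", STRINGS_ORIGINAL), ("X50", STRINGS_X50)):
        print(label, [scan(strings, c, EICAR)[0] for c in (CONDITION_AND, CONDITION_OR)])
```

scan(STRINGS_X50, CONDITION_AND, EICAR)[0] is False, which is the rule miss that yara -c reports as 0.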

*****************THANK YOU****KEEP LEARNING ******************

HOPE THIS WALKTHROUGH HELPS YOU, GUYS. IF SO, A LIKE ON THE WRITE-UP AND A FOLLOW ON THE BLOG AND PROFILE WILL BE MUCH APPRECIATED

FOLLOW MY PROFILE FOR MORE WRITE-UPS

****************************PEACE********************************


Mac Leo

Hacker | Cybersecurity Researcher | CTF Player | Cybersecurity Enthusiast