Published in Ax1al

A quick introduction to YARA

#include <stdio.h>

int main()
{
    char str[] = "EC C2 E3 R5 T6";
    printf("Hello World");
    return 0;
}

yara --help
strings [name of the binary]
The rule was changed later :)
rule test
{
    strings:
        $a = "GLIBC"
        $b = "EC2"
    condition:
        $a or $b
}

rule RegularShow
{
    strings:
        $re1 = /md5: [0-9a-fA-F]{32}/
        $re2 = /state: (on|off)/

    condition:
        $re1 and $re2
}
