Rules Shared by the Community from 100 Days of YARA 2023

100 Days of YARA Part 2 - Electric Detectaloo

Apologies in advance for the terrible naming, but welcome to 100 Days of YARA! This repository will act as the store for all YARA ideas created during this time. Any fun scripts, tools, or rules you write can be committed to this GitHub repository! For now, any associated blogging, walkthroughs, or other musing can be hosted elsewhere :)

So what is all this anyway?

In short, #100DaysofYARA is a place on the internet where malware analysts, detection engineers, and reversers share ideas for YARA rules, tips for rule creation, or methods of using YARA in unconventional ways.

We'll create a new repository for each calendar year, but the structure can be pretty free-form! At some point there will be style and structural requirements for YARA rules submitted (tabs vs spaces, necessary metadata like author, date, things like that) but the general vibes are positive and uplifting so go wild with your most outlandish rules!

It is not lost on me that we could just fork Florian Roth's repositories here and call it good on detection, but this event is about advancing your own YARA skills, whether it is your first rule or your 1000th. Documenting that learning journey is important, especially for most of us late-stage adopters who probably did not major in computer science (there will be a rant on this), so think of committing to this repo as a slightly public diary about malware detection where your pals can help you and encourage you along the way.

There will be an initial walkthrough on using GitHub for this, for those who aren't familiar, once I get around to writing it.

For now, let those YARA ideas ferment and write 'em down so you have content to spare - #100DaysofYARA2 starts Jan 1, 2023!