
Rules shared by the community from 100 Days of YARA 2024

Primary language: YARA. License: MIT.

100 Days of YARA 2024

Welcome to 100 Days of YARA! This repository will act as the store for all YARA ideas created during this time. Any fun scripts, tools, or rules you write can be committed to this GitHub repository! For now, any associated blogging, walkthroughs, or other musing can be hosted elsewhere :)

So what is all this anyway?

In short, #100DaysofYARA is a place on the internet where malware analysts, detection engineers, and reversers share ideas for YARA rules, tips for rule creation, or methods of using YARA in unconventional ways.

How do I participate?

Simple! Write a new YARA rule every day, for 100 days in a row! As of yet, there are no challenges, winners, or competition. This is a self-imposed challenge to learn how to write more, and better, YARA rules.

Those bold enough can post their rules to this repository, to publicly track their ideas, experimentations, and other tinkerings.

We'll create a new repository for each calendar year, but the structure can be pretty free-form! At some point there will be style and structural requirements for YARA rules submitted (tabs vs spaces, necessary metadata like author, date, things like that) but the general vibes are positive and uplifting so go wild with your most outlandish rules!

It is not lost on me that we could just fork Florian Roth's repositories here and call it good on detection, but this event is about advancing your own YARA skills, whether it is your first rule or your 1000th. Documenting that learning journey is important, especially for most of us late-stage adopters who probably did not major in computer science (there will be a rant on this), so think of committing to this repo as a slightly-public diary about malware detection where your pals can help you and encourage you along the way.

Let those YARA ideas ferment and write 'em down so you have content to spare - #100DaysofYARA starts Jan 1, 2024!