Collection of Default YARA Rules

Open TheTechromancer opened this issue 1 year ago • 1 comments

We should have a collection of default YARA rules as .yaml files. These would do useful things like:

  • Tagging events (e.g. login pages)
  • Raising findings (e.g. verbose errors / serialized objects)

Basically, any rules that are simple enough to express in YAML, we should keep as separate files so they're more easily maintainable and don't take up space in excavate.py.

@liquidsec

TheTechromancer, Oct 14 '24 02:10

I feel like @SpamFaux and team could help determine what would be useful for this

liquidsec, Jan 16 '25 23:01