You seem to know A LOT about what you're doing! Great tutorial.
Thank you Very much. Informative, educational, well presented and well paced.
who u
So that's how you found all those ransomware this week, "condition: true". :P Excellent video, I learned quite a bit. :)
Haha, yes that signature has the best detection rate. X)
I am glad I could teach you something.
Thank you so much. Regards from México!
Good job 👍🏻
Great movie. Thanks!
This was very helpful and informative, thank you!!
Thanks. I am glad this helps you. :)
Thank you
Glad it helped!
Cool video, definitely useful. How do you come by the binaries though? Random web browsing or specific requests from clients?
I get them via VirusTotal most of the time.
Cool, only after watching I realized you can apply the YARA rules to the VirusTotal database and download the samples that match. That was the missing link for me ☺️
Great video, thank you
Thank you again. What system do you recommend doing malware analysis in? XP and Ubuntu? I am really bored of hunting and looking to expand my knowledge ;) Also a list of the tools that are needed to do so would be good to know.
By now I would prefer Windows 7 64-bit if you have only one system of choice (more is better). There's now quite some x64 malware out there, and the newest .NET versions do not work on XP either.
I don't have a comprehensive tool list yet. You always find a list of the tools used in my videos in the description below.
I see...thanks!
Nice video ☺
tq 😎
Thank you! :)
I have one doubt. In which file format can we create these rules if I use Notepad++?
The rules themselves are text files.
The detected files can have any file format.
@MalwareAnalysisForHedgehogs OK, fine. Can you print "I love yara" based on rules?
@MalwareAnalysisForHedgehogs Actually I want to print "i love yara". Suppose I declare $text_a = "i", $text_b = "love", $text_c = "yara" ... and finally in the condition $text_a or $text_b or $text_c. Is that enough to print it?
@drarunanoopm5366 No. YARA is for detecting files, not for writing programs.
Thanks for this vid
What's that program icon between Die and Visual Studio in the taskbar?
ILSpy
Nice :) Keep posting.
I must have a paid account to download matching samples from VT, right?
Yes, it only works with a paid account. Unfortunately I don't know of anything similar that is for free.
@brak brak Hey, can you please share an invite with me?
brak brak Hi, if available, could you send me one? Contact me at: navjotsingh1317@gmail.com
Great videos! :-) Please make a video and show us all the tools you are using.
I can recommend the tool fakenet-ng; it is great for research.
Thank you! Someone else also suggested fakenet-ng, so I guess I will give it a try :)
Nice video