Malware Analysis - Malware Hunting and Classification with YARA

  • Published: 24 Dec 2024

Comments • 37

  • @dooboodot
    @dooboodot 4 years ago +1

    You seem to know A LOT about what you're doing! Great tutorial.

  • @devislight
    @devislight 6 years ago +2

    Thank you Very much. Informative, educational, well presented and well paced.

  • @Demonslay335
    @Demonslay335 8 years ago

    So that's how you found all those ransomware this week, "condition: true". :P Excellent video, I learned quite a bit. :)

    • @MalwareAnalysisForHedgehogs
      @MalwareAnalysisForHedgehogs 8 years ago

      Haha, yes that signature has the best detection rate. X)
      I am glad I could teach you something.

  • @splytek2140
    @splytek2140 4 years ago

    Thank you so much. Regards from México!

  • @mazmac4474
    @mazmac4474 5 years ago +1

    Good job 👍🏻

  • @ukaszcom9832
    @ukaszcom9832 2 years ago

    Great movie. Thanks!

  • @JohnSmith-iq5gy
    @JohnSmith-iq5gy 7 years ago

    This was very helpful and informative, thank you!!

  • @atifjafri4351
    @atifjafri4351 3 years ago

    Thank you

  • @000maestro000
    @000maestro000 7 years ago

    Cool video, definitely useful. How do you come by the binaries though? Random web browsing or specific requests from clients?

    • @MalwareAnalysisForHedgehogs
      @MalwareAnalysisForHedgehogs 7 years ago

      I get them via VirusTotal most of the time.

    • @000maestro000
      @000maestro000 7 years ago +1

      Cool, only after watching I realized you can apply the YARA rules to the VirusTotal database and download the samples that match. That was the missing link for me ☺️

  • @chrisfrazier6933
    @chrisfrazier6933 5 years ago

    Great video, thank you.

  • @shreyas1475
    @shreyas1475 7 years ago

    Thank you again. What system do you recommend doing malware analysis in? XP and Ubuntu? I am really bored of hunting and looking to expand my knowledge ;) Also a list of tools that are needed to do so would be good to know.

    • @MalwareAnalysisForHedgehogs
      @MalwareAnalysisForHedgehogs 7 years ago

      By now I would prefer Windows 7 x64 if you have only one system of choice (more is better). There's now quite some x64 malware out there, and the newest .NET versions do not work on XP either.
      I don't have a comprehensive tool list by now. You can always find a list of the tools used in my videos in the description below.

    • @shreyas1475
      @shreyas1475 7 years ago

      I see...thanks!

  • @qe4wsy5
    @qe4wsy5 8 years ago +2

    Nice video ☺
    tq 😎

  • @drarunanoopm5366
    @drarunanoopm5366 4 years ago

    I have one doubt. In which file format can we create these rules if I use Notepad++?

    • @MalwareAnalysisForHedgehogs
      @MalwareAnalysisForHedgehogs 4 years ago

      The rules themselves are text files.
      The detected files can have any file format.

    • @drarunanoopm5366
      @drarunanoopm5366 4 years ago

      @MalwareAnalysisForHedgehogs OK, fine. Can you print "I love yara" based on rules?

    • @drarunanoopm5366
      @drarunanoopm5366 4 years ago

      @MalwareAnalysisForHedgehogs Actually I want to print "i love yara". Suppose I declare $text_a=i $text_b=love $text_c=yara... and finally in the condition $text_a or $text_b or $text_c; is that enough to print it?

    • @MalwareAnalysisForHedgehogs
      @MalwareAnalysisForHedgehogs 4 years ago

      @drarunanoopm5366 No. YARA is for detecting files, not for writing programs in it.

  • @coyzor
    @coyzor 6 years ago

    Thanks for this vid.

  • @cherifaly6757
    @cherifaly6757 6 years ago

    What's this program icon between Die and Visual Studio in the taskbar?

  • @v34395
    @v34395 7 years ago

    Nice :) Keep posting.

  • @000maestro000
    @000maestro000 7 years ago

    I must have a paid account to download matching samples from VT, right?

    • @MalwareAnalysisForHedgehogs
      @MalwareAnalysisForHedgehogs 7 years ago +2

      Yes, it only works with a paid account. Unfortunately I don't know of anything similar that is for free.

    • @anikettate150
      @anikettate150 5 years ago

      @brak brak Hey, can you please share an invite with me?

    • @navjotsingh2251
      @navjotsingh2251 4 years ago

      @brak brak Hi, if available could you send me one? Contact me at: navjotsingh1317@gmail.com

  • @xenn1
    @xenn1 8 years ago

    Great videos! :-) Please make a video and show us all the tools you are using.
    I can recommend the tool fakenet-ng, it is great for research.

  • @swayam14u
    @swayam14u 6 years ago

    Nice video