Comments on: How to Write Simple but Sound Yara Rules – Part 2

By: Florian Roth

Florian Roth — Sun, 12 Jun 2016 12:31:21 +0000

In reply to Udit Gupta. The hash is meant as a reference to an actual sample on which the rule is based. It means that you can get this sample and test the rule against it.

By: Udit Gupta

Udit Gupta — Thu, 09 Jun 2016 19:41:02 +0000

Thanks a lot for this wonderful writeup… i had a query: the ‘hash’ value inside the rule under the heading ‘meta’, is it the hash of the file we are running our rule against ? What is the significance of including hash in yara rule ?

By: How to Write Simple but Sound Yara Rules – Part 3 - BSK Consulting GmbH

How to Write Simple but Sound Yara Rules – Part 3 - BSK Consulting GmbH — Fri, 15 Apr 2016 11:04:21 +0000

[…] has been a while since I wrote „How to Write Simple but Sound Yara Rules – Part 2„. Since then I changed my rule creation method to generate more versatile rules that can also […]

By: How to Write Simple but Sound Yara Rules - BSK Consulting GmbH

How to Write Simple but Sound Yara Rules - BSK Consulting GmbH — Tue, 05 Apr 2016 09:19:11 +0000

[…] sure to check Part 2 of „How to Write Simple and Sound YARA […]

By: When Hunting BeEF, Yara rules (Part 2), (Thu, Dec 17th) - iRTW

When Hunting BeEF, Yara rules (Part 2), (Thu, Dec 17th) - iRTW — Fri, 18 Dec 2015 03:04:20 +0000

[…] those using Yara (beginners and more experienced users alike), I would suggest to read How to Write Simple but Sound Yara Rules [https://www.bsk-consulting.de/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/] by […]

By: When Hunting BeEF, Yara rules (Part 2), (Thu, Dec 17th) - Varanoid.com

When Hunting BeEF, Yara rules (Part 2), (Thu, Dec 17th) - Varanoid.com — Thu, 17 Dec 2015 21:29:08 +0000