Several of my tools support YARA rules. And of those tools, many support what I like to call “Ad Hoc rules” (or Here rules). An Ad Hoc YARA rule is a rule that isn’t stored in a file, but is passed via the command line, and is generated ad hoc by the … [Continue Reading]
Maintaining The KnowledgeBase
As 2019 closes, we move into not just a new year, but also a new decade. While, for the most part, this isn't entirely significant...after all, how different will you really be when you wake up on 2 Jan...times such as this offer an opportunity for … [Continue Reading]
LNK Toolmarks
Matt posted a blog article a while back, and I took interest in large part because it involved an LNK file. Matt provided a hash for the file in question, as well as a walk-through of his "peeling of the onion", as it were. However, one of the … [Continue Reading]
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 514
- Next Page »