Posts

Showing posts from November, 2021

Yara: Identify and Classify Malware

"The pattern matching swiss knife for malware researchers (and everyone else)" (VirusTotal, 2021)

Introduction: YARA can recognize information based on binary and text patterns, including hexadecimal byte sequences and phrases contained inside a file, helping cyber security researchers identify and categorize malware samples. YARA (Yet Another Ridiculous Acronym 😂) is a very powerful tool; it is easy to start with but somewhat difficult to master.

Rules: YARA uses descriptions, known as rules, to match suspicious files. Each rule consists of a set of string variables and a condition that evaluates to a boolean value. Let's look at an example of a YARA rule file:

    rule ruleX_threat
    {
        meta:
            description = "This is just an example"
            threat_level = 3
        strings:
            $a = "this set of words !!!"
            $b = { 8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9 }
            $c = "UVODFRYSIHLNWPEJXQZAKCBGMT"
            $d = "175.16.102.88"
        condition:
            $a or $b or $c or $d
    }

The shown above rule i

OpenVas: Vulnerability Scanning | Installation Guide

Introduction: OpenVAS is a vulnerability scanner that analyzes endpoints and web apps to uncover and detect flaws. Corporations frequently employ it as part of their mitigation strategy to identify weaknesses in their production or testing servers and apps early. It is not a complete solution, but it can help eliminate common weaknesses that may have slipped through the gaps.

Installation: There are three methods to install Greenbone OpenVAS:

1- Install from Kali/OpenVAS repositories: The difficulty of this method depends on the configuration required, but the installation itself is simple with apt:

    sudo apt-get update -y && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y
    sudo apt-get install openvas
    sudo gvm-setup
    sudo gvm-check-setup

2- Install from source (manually): This method is not ideal for beginners, since the prerequisites must be installed first and error handling can be challenging. github.com/greenbone/openvas-scanner

3- Run from Docker: