REMnux v8 represents a structural modernization of a long-standing malware analysis distribution.

Technical highlights:
• Migration to Ubuntu 24.04 (modern kernel + LTS support)
• Cast-based installer replacing legacy CLI deployment
• AI-assisted workflows via MCP server
• Integration support for Ghidra with AI plugins

Tooling refresh includes:
• YARA-X (Rust rewrite for performance improvements)
• GoReSym (symbol recovery for Go binaries)
• APKiD (Android packer detection)
• Manalyze (PE/ELF/MachO static parsing)

This release signals an industry shift toward AI-augmented reverse engineering pipelines.
Is AI-assisted RE the new baseline for threat labs?

Source: https://cyberpress.org/remnux-v8-released/

Engage below.
Follow @technadu for deep technical cybersecurity updates.

#ThreatResearch #MalwareAnalysis #ReverseEngineering #YARAX #GoBinary #DFIR #Infosec #AIinSecurity #BlueTeam #StaticAnalysis #OpenSourceSecurity #SOC #ThreatHunting

Yara-X 1.13 released!

Run (to get the latest): cargo install-update -i yara-x-cli

https://github.com/VirusTotal/yara-x/releases/tag/v1.13.0

#YARAX #YARA

Release v1.13.0 · VirusTotal/yara-x

Add crx and dex modules to Python invoke API (#534). Add Python API for specifying the metadata that should be passed to modules (6bebe34): Output filenames that needs reformatting when using yr fm...

YARA Language - Visual Studio Marketplace

Extension for Visual Studio Code - Rich support for the YARA language. Provides syntax highlighting, autocompletion and more.

https://github.com/VirusTotal/yara-x/releases/tag/v1.11.0

Time to update: cargo install-update -i yara-x-cli

#YARA #YARAX

Release v1.11.0 · VirusTotal/yara-x

Make the parser stricter (#502). Implement dex module (#458). Implement C api console log (#515). Implement permhash for the crx module (#510). Implement the imports() method for the Rules object i...

Why is it so hard to get software over the last milestone to make it usable for more than just me? I've a new #BinaryNinja ( #yarax ) plugin sitting in the wings needing to be polished for release and another release of #BinjaExtras with additional features close, but not close enough for release.
MalChela 2.2 “REMnux” Release

MalChela’s 2.2 update is packed with practical and platform-friendly improvements. It includes native support for REMnux, better tool settings, and deeper integrations with analysis tools like YARA…

Baker Street Forensics

Any cgo experts out there who know how to work through this error `/usr/bin/ld: cannot find -lgcc_s: No such file or directory`? Trying to statically compile a yara-x golang app I'm developing.

This is the build environment/additional details:

https://github.com/VirusTotal/yara-x/issues/270#issuecomment-2554426967

#golang #yarax #cgo

Golang compile issues after bumping to v0.12.0 · Issue #270 · VirusTotal/yara-x

Getting a number of issue like these when compiling golang code that imports yara-x version v0.12.0: 0.960 # github.com/VirusTotal/yara-x/go 0.960 /go/pkg/mod/github.com/!virus!total/yara-x/go@v0.12.0...


This feature of yara-x will simplify some of my rules. This is awesome!

The new yarax ‘with’ statement:

https://github.com/VirusTotal/yara-x/pull/197#issue-2528471614

#yara #yarax

feat: implement `with` statement by TommYDeeee · Pull Request #197 · VirusTotal/yara-x

This expression would allow us to declare a local variable that will be used in the remainder of the corresponding section. condition: with foo = <expr>, bar = <expr> : ( ...

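As an added illustration of the `with` statement described above (this is not code from the post or from the PR), the following YARA-X rule binds the entry-point file offset once and reuses it inside a quantified loop, next to the equivalent rule written without `with`. It assumes the `with <name> = <expr>, ... : ( ... )` syntax from the PR and the YARA-X `pe` module fields `pe.is_pe`, `pe.number_of_sections`, `pe.entry_point`, `section.raw_data_offset` and `section.raw_data_size`; the heuristic itself (entry point not covered by any section's raw data) is a common static-analysis check chosen here only to show the binding in use.

```yara
import "pe"

// Added example: the 'with' binding computes pe.entry_point once and
// reuses it inside the loop instead of repeating the module lookup.
rule entry_point_outside_sections_with
{
  meta:
    description = "Entry point file offset not covered by any section (illustrative)"
  condition:
    pe.is_pe and
    pe.number_of_sections > 0 and
    with ep = pe.entry_point : (
      ep != 0 and
      not for any section in pe.sections : (
        ep >= section.raw_data_offset and
        ep < section.raw_data_offset + section.raw_data_size
      )
    )
}

// Same logic without 'with', for comparison: pe.entry_point is repeated
// in every clause, which is what the binding above avoids.
rule entry_point_outside_sections_plain
{
  meta:
    description = "Same check written without the 'with' statement (illustrative)"
  condition:
    pe.is_pe and
    pe.number_of_sections > 0 and
    pe.entry_point != 0 and
    not for any section in pe.sections : (
      pe.entry_point >= section.raw_data_offset and
      pe.entry_point < section.raw_data_offset + section.raw_data_size
    )
}
```

Both rules should match the same files; saving them as a `.yar` file and running `yr scan <rules.yar> <sample>` with the YARA-X CLI is a quick way to confirm that, and the difference is purely in readability once the bound expression is something longer than a single module field.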

Know your tools 😉

https://github.com/lief-project/LIEF/issues/1061#issue-2315962044

Describe the bug
Parsing the sample with LIEF, YARA-X and pefile gives a different result for LIEF.
YARA-X and pefile agree that those samples have exports, but LIEF says there is none.

Fwiw, #VT does not report them either - example: https://www.virustotal.com/gui/file/ffc89c701c4ab21f012eb8c69f01ca38ad6b011b5d4c56ed3237e937c49253d0

#pefile #yara #yarax #lief

Missing Exports in PE (dll) · Issue #1061 · lief-project/LIEF
YARA is dead, long live YARA-X

For over 15 years, YARA has been growing and evolving until it became an indispensable tool in every malware researcher's toolbox. Througho...