Yara-X 1.13 released!
Run (to get the latest): cargo install-update -i yara-x-cli
Yara-X has a language server for VS-Code
https://marketplace.visualstudio.com/items?itemName=VirusTotal.yara-x-ls
Released v1.3.3 of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. A couple of small bug fixes and debugging-related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)
- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer
#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
According to the PackageInferno project documentation, the tool provides a complete containerised processing chain for auditing the npm supply chain and viewing the results locally through a dashboard. 🧰 Turnkey pipeline in Docker: an "enumerator" builds the package queue, a "fetcher" downloads the tarballs (with optional S3 upload), an "analyzer" performs the static analysis (YARA optional) and a Postgres instance stores the results. A Streamlit dashboard (http://localhost:8501) provides search, drill-down and analytics. Configuration is done through scan.yml (allowlists, thresholds, YARA rules), with scan history kept in the database (scan_runs).
🛠️ Tool
===================
Opening:
Loki-RS is a Rust-based rewrite of the original Loki scanner that consolidates YARA rule matching and IOC detection into a single high-performance, multi-threaded binary. The project is published as Beta and emphasizes speed, concurrency, and multiple output formats for forensic ingestion.
Key Features:
• YARA scanning of files and process memory with the Core YARA Forge rule set as the default detection surface.
• IOC matching covering cryptographic hashes (MD5, SHA1, SHA256), filename patterns and C2 indicators drawn from the signature-base collection.
• Concurrency model permitting configurable thread counts for parallel scanning and CPU-bound tuning.
• Archive handling with ZIP inspection to reach nested artifacts.
• Operational tooling including an interactive TUI for real-time stats and controls, HTML report generation, and JSONL output for SIEM/log pipeline ingestion.
• Remote logging via syslog over UDP/TCP, with both SYSLOG and JSON formats supported.
Technical Implementation:
• The codebase leverages Rust for memory safety and performance; multi-threaded scanning suggests internal worker queues and file/process enumeration that avoid scanning virtual filesystems by default (/proc, /sys).
• Signature management integrates signature-base for IOCs and YARA Forge for rule sets; the Core rule set is chosen for accuracy and low false positives, while Extended/Full sets are available for swap-in.
• Output pathways include structured JSONL for ingestion pipelines and HTML for human-readable reporting; remote sinks support syslog framing in both traditional SYSLOG and JSON payload modes.
Use Cases:
• Forensic triage on endpoints and mounts where quick identification of known artifacts (hashes, filenames, C2 indicators) is needed.
• Bulk filesystem scans across images or mounted volumes with multi-threaded throughput requirements.
• Integration with logging/monitoring stacks via JSONL or syslog exports.
Limitations & Considerations:
• Project is Beta: features and signatures remain under active development.
• Signature freshness depends on external sources; operational users should plan for regular signature updates.
• Default smart filtering skips virtual filesystems and mounted drives; scanning network/cloud mounts requires explicit configuration.
References:
• Detection content: signature-base (IOCs) and YARA Forge (YARA rules).
🔹 tool #rust #yara #ioctools #forensics
🔗 Source: https://github.com/Neo23x0/Loki-RS
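The three IOC categories the Loki-RS summary lists (hash, filename pattern, C2 indicator) as a small, self-contained matcher. This is an added illustration, not Loki-RS code; the sample files and every indicator are constructed placeholders, and the SHA256 IOC is derived from the placeholder binary at import time so the match is reproducible offline.

```python
import hashlib
import re

# Constructed in-memory "evidence" (path -> bytes); placeholder content, not real malware.
SAMPLE_FILES = {
    "/tmp/evidence/report.pdf": b"%PDF-1.4 benign placeholder content",
    "/tmp/evidence/svchosts.exe": b"MZ placeholder binary that beacons to evil-c2.example",
    "/tmp/evidence/notes.txt": b"meeting notes, nothing suspicious",
}

# Constructed indicator set covering the categories the post describes.
HASH_IOCS = {
    "md5": set(),
    "sha1": set(),
    # SHA256 of the placeholder "svchosts.exe" above, computed here so the demo is self-contained.
    "sha256": {hashlib.sha256(SAMPLE_FILES["/tmp/evidence/svchosts.exe"]).hexdigest()},
}
# Masquerading filename pattern: a near-miss of a legitimate system binary name (constructed).
FILENAME_IOCS = [re.compile(r"(?i)(^|[\\/])svchosts\.exe$")]
# Reserved .example domain used as a constructed C2 indicator.
C2_IOCS = [b"evil-c2.example"]


def hash_file(data: bytes) -> dict:
    """Compute the three digests the IOC set covers."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def match_iocs(path: str, data: bytes) -> list:
    """Return (category, indicator) hits for one file; empty list means clean."""
    hits = []
    for algo, digest in hash_file(data).items():
        if digest in HASH_IOCS[algo]:
            hits.append(("hash", f"{algo}:{digest}"))
    for pattern in FILENAME_IOCS:
        if pattern.search(path):
            hits.append(("filename", pattern.pattern))
    for indicator in C2_IOCS:
        if indicator in data:
            hits.append(("c2", indicator.decode()))
    return hits


def scan(files: dict) -> dict:
    """Scan every file; keep only those that produced at least one hit."""
    return {path: hits for path, data in files.items() if (hits := match_iocs(path, data))}


if __name__ == "__main__":
    for path, hits in scan(SAMPLE_FILES).items():
        print(path)
        for category, indicator in hits:
            print(f"  [{category}] {indicator}")
```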
https://github.com/VirusTotal/yara-x/releases/tag/v1.11.0
Time to update: cargo install-update -i yara-x-cli
This company will capture 800 000 ton CO₂ yearly and store it below the seabed.
It's not removing anything from the air as I understand it, just reducing emissions, but it's still a large positive impact.
YAMAGoya: A Real-time Client Monitoring Tool Using Sigma and YARA Rules: https://blogs.jpcert.or.jp/en/2025/11/YAMAGoya.html
In recent years, fileless malware and obfuscation techniques have made it increasingly difficult to detect suspicious activity by scanning files alone. To counter these threats, security researchers and malware analysts actively create and publish detection rules such as Sigma and...