Super SheepJan 1, 2024
import "time" rule year_2024 { condition: time.now() >= 1704067200 }
#100DaysofYARA
Show threadavallachJan 1, 2024
@qutluch Way to kick off #100DaysofYARA 🍻
Show threadSuper SheepJan 1, 2024
@xorhex Thanks! First low effort rule I could think of. I'll post something better tomorrow after I shake off the night.
Show threadRony 
@qutluch @xorhex looking forward to both of you! ;)
Jan 1, 2024 at 2:47amWeb
Show threadavallachJan 1, 2024

@r0ny_123 @qutluch my goal is to write a yara-x module while learning rust and nom🤞

#yara #yarax

Show threadSuper SheepJan 1, 2024
@xorhex @r0ny_123 Can't wait to see your work. Learning Rust is on my TODO scroll. I mostly just curse it when I'm reversing it. Yara-x looks great though. Been following its progress. What module are you planning to write?
Show threadavallachJan 1, 2024
@qutluch @r0ny_123 Not ready to make my idea public yet 😉
Show threadCindʎ Xiao 🍉Jan 1, 2024

@xorhex @r0ny_123 @qutluch DO IT

BTW if you're looking for code examples from a fairly large production codebase that uses Nom: Suricata's rule parser and many of their protocol parsers are written with Nom: https://github.com/OISF/suricata/tree/master/rust/src

suricata/rust/src at master · OISF/suricata

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. - OISF/suricata

GitHub
Show threadavallachJan 1, 2024
@cxiao @r0ny_123 @qutluch Ooh, thanks! 👀