a-ray-grass

a-ray-grass: A YARA Module for DCSO Bloom Filters - Enhancing File Analysis

a-ray-grass is a YARA module that adds support for DCSO format bloom filters to the YARA framework. In the context of hashlookup, it allows known files to be excluded quickly, effectively 'separating the wheat from the chaff'. This makes file analysis considerably more efficient, because files that are already known are filtered out before any further analysis is spent on them.

Installation Instructions

1. Copy the folder libyara/fleur into the libyara directory.
2. Copy the folder libyara/modules/araygrass into the libyara/modules directory.
3. Open and modify the file libyara/Makefile.am:
   - Add modules/araygrass/araygrass.c to the MODULES variable.
   - Add fleur/fnv.c and fleur/fleur.c to the libyara_la_SOURCES variable.
4. Open and modify the file libyara/modules/module_list:
   - Append MODULE(araygrass) to the end of the file.
5. Lastly, modify the file libyara/modules/araygrass/araygrass.c to set the two bloom filter paths described in the next section.

Two Defined Paths for Your Bloom Filter

- BF_PATH_IN: the path to your input bloom filter. This is the filter that values are checked against.
- BF_PATH_OUT: the path where the modified bloom filter is saved once YARA has completed its execution. You may leave it empty if you do not intend to make any modifications to the filter.

It is perfectly acceptable to use the same path for both variables.

Compilation

- Return to YARA's root folder and run the command 'make'.
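The installation steps above, scripted as one shell function; this is an added example and not part of the a-ray-grass project. It assumes the upstream libyara/Makefile.am layout (one 'MODULES += ...' line per module and a backslash-continued 'libyara_la_SOURCES = \' list) and that araygrass.c carries the two paths as '#define BF_PATH_IN' / '#define BF_PATH_OUT' lines; the YARA and a-ray-grass checkout directories are passed in as arguments.

```shell
#!/bin/sh
# Added example (not a-ray-grass project code): apply the installation steps
# from this page to a YARA source tree.
# Assumptions: upstream Makefile.am layout ("MODULES += ..." lines and a
# backslash-continued "libyara_la_SOURCES = \" list) and that araygrass.c
# carries the two paths as "#define BF_PATH_IN" / "#define BF_PATH_OUT" lines.
set -eu

# install_araygrass YARA_SRC ARAYGRASS_SRC BF_PATH_IN BF_PATH_OUT
# BF_PATH_OUT may be "" when the filter is never modified.
install_araygrass() {
    lib="$1/libyara"; src="$2"; bf_in="$3"; bf_out="$4"
    mk="$lib/Makefile.am"
    # Steps 1 and 2: copy the bloom filter sources and the module directory.
    cp -R "$src/libyara/fleur" "$lib/fleur"
    cp -R "$src/libyara/modules/araygrass" "$lib/modules/araygrass"
    # Step 3: register the module after the last "MODULES +=" line and add the
    # fleur sources to libyara_la_SOURCES (skipped if already registered).
    if ! grep -q 'modules/araygrass/araygrass.c' "$mk"; then
        awk '
            /^MODULES [+]=/ { last = NR }
            { line[NR] = $0 }
            END {
                for (i = 1; i <= NR; i++) {
                    print line[i]
                    if (i == last) print "MODULES += modules/araygrass/araygrass.c"
                    if (line[i] ~ /^libyara_la_SOURCES = \\$/) {
                        print "\tfleur/fnv.c \\"
                        print "\tfleur/fleur.c \\"
                    }
                }
            }' "$mk" > "$mk.new" && mv "$mk.new" "$mk"
    fi
    # Step 4: append MODULE(araygrass) to module_list (only once).
    grep -q '^MODULE(araygrass)$' "$lib/modules/module_list" ||
        printf 'MODULE(araygrass)\n' >> "$lib/modules/module_list"
    # Step 5: set the two bloom filter paths in araygrass.c.
    c="$lib/modules/araygrass/araygrass.c"
    sed -e "s|^#define BF_PATH_IN .*|#define BF_PATH_IN \"$bf_in\"|" \
        -e "s|^#define BF_PATH_OUT .*|#define BF_PATH_OUT \"$bf_out\"|" \
        "$c" > "$c.new" && mv "$c.new" "$c"
}

# Compilation: return to YARA's root folder and run make.
build_yara() { (cd "$1" && make); }
```

Run install_araygrass first and build_yara afterwards; the module registration steps are skipped on a second run if they are already present.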