One Article Review

Source Malware Hell
Identifier 8314729
Publication date 2023-02-05 00:00:00 (seen: 2023-03-01 20:12:23)
Title Hunting Opaque Predicates with YARA
Text Introduction: Malware tends to obfuscate itself using many different techniques, from opaque predicates and garbage code to control flow manipulation with the stack and more. These techniques definitely make analysis more challenging for reverse engineers. However, from a detection and hunting standpoint, to find interesting samples to reverse engineer, we can leverage our knowledge of these techniques to hunt for obfuscated code. In our case today, we will be developing a YARA signature to hunt for one specific technique of opaque predicates. There are many variations and situations where this does not match, and it should only serve as a hunting signature, as more heuristic and programmatic approaches are better for detection.
Sent Yes
Tags Malware
Stories
Rating ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.