Tony Lambert
forensicitguy.bsky.social
Recovering sysadmin that now chases adversaries instead of uptime. Sr Malware Analyst @redcanary
#100daysofyara I like taking the approach of having multiple YARA rules to detect the same thing from different perspectives, like these rules for Cronos Crypter. One looks for just strings, another a string + encryption salt, 3rd for assembly name
January 2, 2025 at 4:30 AM