
Hunting with YARA rules and ClamAV


Didier Stevens has published a post on the NVISO Labs blog about using ClamAV with YARA rules for hunting. He notes that one of ClamAV's important features is its file decomposition capability: if the file you want to analyze is inside an archive or is a packed executable, ClamAV unarchives or unpacks it first and then runs the YARA engine over the result. The post also shows how to create and deconstruct YARA rules.
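As an added example (not code from Didier Stevens' post or from NVISO), the shell session below writes a small YARA rule, gzip-compresses a constructed sample, and hands both to clamscan so that ClamAV's decomposition, not the YARA engine, strips the compression layer before the rule is evaluated. The rule name, marker string and working directory are constructed for the demo.

```shell
# Added demo (not NVISO code): load a YARA rule into ClamAV and scan a gzip
# sample so that ClamAV's decomposition, not YARA, removes the archive layer.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Write a ClamAV-compatible YARA rule. ClamAV loads rule files ending in
# .yar/.yara (via -d or from its database directory) and supports only a
# subset of YARA, so the rule sticks to a plain string and a simple condition.
write_rule() {
    cat > "$WORKDIR/hunt.yar" <<'EOF'
rule Hunt_Constructed_Marker
{
    strings:
        $marker = "HUNT-MARKER-2024" ascii
    condition:
        $marker
}
EOF
    printf '%s\n' "$WORKDIR/hunt.yar"
}

# Build a constructed sample whose marker exists only inside the gzip stream.
write_sample() {
    printf 'benign header text ... HUNT-MARKER-2024 ... trailing text\n' \
        > "$WORKDIR/sample.txt"
    gzip -f "$WORKDIR/sample.txt"          # yields sample.txt.gz
    printf '%s\n' "$WORKDIR/sample.txt.gz"
}

# Is the marker visible in the raw compressed bytes? ("no" is the point: a
# byte-level YARA scan of the .gz would miss it; ClamAV decompresses first.)
marker_visible_raw() {
    if grep -q 'HUNT-MARKER-2024' "$1"; then echo yes; else echo no; fi
}

# Run clamscan with the rule. ClamAV names YARA hits YARA.<rule>.UNOFFICIAL;
# clamscan exits 1 on a detection, so that exit status is swallowed here.
scan_with_clamav() {
    if command -v clamscan >/dev/null 2>&1; then
        clamscan --no-summary -d "$WORKDIR/hunt.yar" "$1" || true
    else
        echo "clamscan not installed; rule written to $WORKDIR/hunt.yar"
    fi
}

RULE=$(write_rule)
SAMPLE=$(write_sample)
echo "marker visible in raw gzip bytes: $(marker_visible_raw "$SAMPLE")"
scan_with_clamav "$SAMPLE"
```

Scanning the same .gz with the standalone yara binary and this rule would not match, which is the decomposition difference the post highlights.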
