Installing Yara for ruby on Mac
1. install yara lib
brew update
brew install yara

Note. If you get error messages like the one below while running 'brew update',
------------------8<--------------------
error: Your local changes to the following files would be overwritten by merge:
Library/Contributions/brew_bash_completion.sh
Library/Contributions/brew_fish_completion.fish
Library/Contributions/brew_zsh_completion.zsh
[...]
------------------8<--------------------
then run the following commands to fix it. Two caveats: `git reset --hard` throws away every local change in the Homebrew checkout, so run `git status` first if you have edited anything there, and the `chown -R` hands the whole /usr/local tree to your user, which is what Homebrew of that era expected (its git repository was /usr/local itself; newer installs keep it in /usr/local/Homebrew, so do not run this against a newer layout).

$ sudo chown -R $(whoami) /usr/local
$ cd /usr/local
$ git reset --hard origin/master

2. install yara gem
gem install yara

3. sample code
#!/usr/bin/env ruby

require 'rubygems'

# Load yara-ruby; if it is missing, install the gem and then retry the
# require, otherwise Yara::Rules is undefined on the first run.
begin
  require 'yara'
rescue LoadError
  puts "[+] yara-ruby is not installed. Installing now..."
  system("gem install yara --no-ri --no-rdoc") or abort("[-] gem install yara failed")
  Gem.clear_paths   # make the freshly installed gem visible to require
  require 'yara'
end

abort("usage: #{$0} FILE [FILE ...]") if ARGV.empty?

# Two minimal rules: rule_a fires on the text "aaa", rule_b on "bbb".
rules = <<EOF
    rule rule_a
    {
      strings:
        $a = "aaa"
      condition:
        $a
    }
    rule rule_b
    {
      strings:
        $a = "bbb"
      condition:
        $a
    }
EOF

ctx = Yara::Rules.new

# compile_string raises if the rule text has a syntax error
ctx.compile_string rules

# scan_file returns one match object per rule that fired
ARGV.each do |fname|
  ctx.scan_file(fname).each {|match| puts ">> #{fname} matched #{match.rule} rule" }
end

# Ruby ignores everything after __END__; the usage line is kept here as a note.
__END__
ruby ./yara_sample.rb a.txt b.txt
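The sample above hard-codes two rules in a heredoc. The script below, an added example that is not code from the original post, generalizes that: it builds a YARA rule set from a Ruby hash of indicators (text strings and raw bytes), taking care of identifier and string escaping, and scans files with yara-ruby when the gem is present. SAMPLE_IOCS is constructed sample data; `ascii wide` and `any of them` are standard YARA syntax; the `Match#rule`, `Match#strings`, `MatchString#identifier` and `#offset` accessors are those shown in the yara-ruby README and are an assumption to check against your installed gem version.

```ruby
#!/usr/bin/env ruby
# Added example (not code from the original post): generate a YARA rule set
# from a list of indicators in Ruby, then scan files with yara-ruby if the
# gem is installed. SAMPLE_IOCS below is constructed sample data.

# yara-ruby is optional here so the rule generator can be used (and tested)
# without libyara installed.
begin
  require 'yara'
  YARA_AVAILABLE = true
rescue LoadError
  YARA_AVAILABLE = false
end

# Rule and meta names must be valid YARA identifiers: letters, digits and
# underscores, not starting with a digit.
def yara_identifier(name)
  id = name.to_s.gsub(/[^A-Za-z0-9_]/, '_')
  id = "_#{id}" if id =~ /\A[0-9]/
  raise ArgumentError, "empty identifier for #{name.inspect}" if id.empty?
  id
end

# Escape a Ruby string for use inside a YARA text string ("..."): backslash
# and double quote are escaped, a newline becomes \n.
def yara_text_string(s)
  s.gsub(/[\\"\n]/) { |c| { "\\" => "\\\\", '"' => '\\"', "\n" => "\\n" }[c] }
end

# Render a byte string as a YARA hex string body, e.g. "4D 5A 90 00".
def yara_hex_body(bytes)
  bytes.unpack('C*').map { |b| format('%02X', b) }.join(' ')
end

# iocs: { rule_name => { text: [...], hex: [...], meta: { key => value } } }
# Each rule gets $s<n> text strings (ascii and wide) and $h<n> hex strings,
# and fires when any of its strings is found.
def build_rules(iocs, condition = 'any of them')
  iocs.map do |name, spec|
    lines = ["rule #{yara_identifier(name)}", '{']
    meta = spec[:meta] || {}
    unless meta.empty?
      lines << '  meta:'
      meta.each do |k, v|
        lines << "    #{yara_identifier(k)} = \"#{yara_text_string(v.to_s)}\""
      end
    end
    texts = spec[:text] || []
    hexes = spec[:hex] || []
    raise ArgumentError, "rule #{name} has no strings" if texts.empty? && hexes.empty?
    lines << '  strings:'
    texts.each_with_index { |t, i| lines << "    $s#{i} = \"#{yara_text_string(t)}\" ascii wide" }
    hexes.each_with_index { |h, i| lines << "    $h#{i} = { #{yara_hex_body(h)} }" }
    lines << '  condition:'
    lines << "    #{condition}"
    lines << '}'
    lines.join("\n")
  end.join("\n\n") + "\n"
end

# Compile the rule text and scan each path. Returns [path, rule, [[string id,
# offset], ...]] per match. Match#rule, Match#strings, MatchString#identifier
# and #offset are the yara-ruby accessors shown in the gem's README
# (assumption: verify against your installed version).
def scan_paths(rules_text, paths)
  abort('yara gem not installed: gem install yara') unless YARA_AVAILABLE
  ctx = Yara::Rules.new
  ctx.compile_string(rules_text)
  paths.flat_map do |path|
    ctx.scan_file(path).map do |m|
      [path, m.rule, m.strings.map { |s| [s.identifier, s.offset] }]
    end
  end
end

# Constructed sample indicators: the two text rules from the post plus a hex
# rule for the PE "MZ" header bytes.
SAMPLE_IOCS = {
  'rule_a'    => { text: ['aaa'] },
  'rule_b'    => { text: ['bbb'] },
  'mz_header' => { hex: [[0x4D, 0x5A, 0x90, 0x00].pack('C*')],
                   meta: { description: 'PE file starting with the MZ stub' } }
}

if __FILE__ == $0
  rules = build_rules(SAMPLE_IOCS)
  if ARGV.empty?
    puts rules   # no files given: print the rules so they can be saved as a .yar file
  else
    scan_paths(rules, ARGV).each do |path, rule, hits|
      puts ">> #{path} matched #{rule}: " + hits.map { |id, off| "#{id}@#{off}" }.join(', ')
    end
  end
end
```

Run it with no arguments to print the generated rules (redirect to a `.yar` file to use them with the yara command line), or with file paths to scan them, e.g. `ruby ./yara_gen.rb a.txt b.txt`. Keeping the escaping in one place matters when indicators come from untrusted feeds: an unescaped `"` or `\` in an IOC would otherwise break the rule text or silently change what it matches.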


Posted by Hojung, 2014.12.31
