1. Install the yara library with Homebrew
$ brew update
$ brew install yara

Note: If you get error messages like the ones below while running 'brew update',
------------------8<--------------------
error: Your local changes to the following files would be overwritten by merge:
Library/Contributions/brew_bash_completion.sh
Library/Contributions/brew_fish_completion.fish
Library/Contributions/brew_zsh_completion.zsh
[...]
------------------8<--------------------
then run the following commands to fix it ($(whoami) expands to your own user name; note that the reset discards any local changes in the Homebrew checkout under /usr/local, and that chown -R hands your user ownership of everything below /usr/local).

$ sudo chown -R $(whoami) /usr/local
$ cd /usr/local
$ git reset --hard origin/master

2. Install the yara gem
$ gem install yara

3. Sample code (yara_sample.rb)
#!/usr/bin/env ruby
# Scan each file named on the command line with two inline YARA rules,
# using the yara-ruby gem (Yara::Rules#compile_string / #scan_file).

require 'rubygems'

# Load yara-ruby, installing the gem on first use. A bare `require` would
# still fail in this process right after the install, so clear the gem
# path cache and retry the require; `installed` prevents a second attempt.
installed = false
begin
  require 'yara'
rescue LoadError
  raise if installed
  puts "[+] yara-ruby is not installed. Installing now..."
  # Newer RubyGems spells these options --no-document.
  abort "[-] gem install yara failed" unless system("gem install yara --no-ri --no-rdoc")
  installed = true
  Gem.clear_paths
  retry
end

abort "usage: #{$0} FILE [FILE ...]" if ARGV.empty?

# Two trivial rules: each matches any file containing its string.
rules = <<EOF
    rule rule_a
    {
      strings:
        $a = "aaa"
      condition:
        $a
    }
    rule rule_b
    {
      strings:
        $a = "bbb"
      condition:
        $a
    }
EOF

ctx = Yara::Rules.new
ctx.compile_string rules   # raises on a syntax error in the rules

# scan_file returns one Yara::Match per rule that matched the file.
ARGV.each do |fname|
  ctx.scan_file(fname).each { |match| puts ">> #{fname} matched #{match.rule} rule" }
end

__END__
ruby ./yara_sample.rb a.txt b.txt
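Added example (not code from the original post): a variant of the script above that walks a whole directory tree, reports each match with its rule tags and meta values, and returns a non-zero exit status when anything matched, so it can sit in a pipeline. The rule, the marker string and the sample files are constructed for the demo. The Yara::Rules#compile_string / #scan_file calls and the #rule, #tags and #meta accessors on match objects follow the yara-ruby gem as used above; when that gem is not installed the script falls back to PlainStringScanner, a plain substring check that is not YARA and exists only so the surrounding walk-and-report logic can still run.

```ruby
#!/usr/bin/env ruby
# Added example, not the original post's code: walk a directory tree, scan
# every regular file with a YARA rule set and report rule, tags and meta.
require 'find'
require 'tmpdir'
require 'fileutils'

# Constructed demo rule: one tag and one meta value so both show in the report.
RULES = <<'EOF'
rule suspicious_marker : demo
{
  meta:
    description = "constructed demo rule"
  strings:
    $m = "EVIL-MARKER"
  condition:
    $m
}
EOF

# Walk root and scan each regular file. scanner is anything responding to
# scan_file(path) and returning match objects with #rule, #tags and #meta
# (Yara::Rules from the yara-ruby gem does). Unreadable files are reported
# and skipped instead of aborting the run. Returns [[path, rule, tags, meta], ...].
def scan_tree(root, scanner)
  hits = []
  Find.find(root) do |path|
    next unless File.file?(path)
    begin
      scanner.scan_file(path).each { |m| hits << [path, m.rule, Array(m.tags), m.meta] }
    rescue StandardError => e
      warn "!! #{path}: #{e.class}: #{e.message}"
    end
  end
  hits
end

# One report line per hit, e.g. ">> /tmp/x/a matched suspicious_marker [demo] {...}".
def format_hits(hits)
  hits.map { |path, rule, tags, meta| ">> #{path} matched #{rule} [#{tags.join(',')}] #{meta.inspect}" }
end

# Pipeline-friendly exit status: 0 when nothing matched, 1 otherwise.
def exit_status(hits)
  hits.empty? ? 0 : 1
end

# Stand-in used only when the yara gem is absent: a plain substring check for
# the same marker, returning Yara::Match-shaped objects. It is not YARA.
class PlainStringScanner
  Match = Struct.new(:rule, :tags, :meta)
  def scan_file(path)
    return [] unless File.binread(path).include?('EVIL-MARKER')
    [Match.new('suspicious_marker', ['demo'], { 'description' => 'constructed demo rule' })]
  end
end

# Compile RULES with yara-ruby; fall back to the stand-in if the gem is missing.
def build_scanner
  require 'yara'
  ctx = Yara::Rules.new
  ctx.compile_string(RULES)
  ctx
rescue LoadError
  warn "[!] yara gem not installed; using PlainStringScanner (not YARA)"
  PlainStringScanner.new
end

# Constructed sample tree: one clean file and one nested file carrying the marker.
def build_sample_tree
  root = Dir.mktmpdir('yara-demo')
  FileUtils.mkdir_p(File.join(root, 'sub'))
  File.write(File.join(root, 'clean.txt'), "nothing to see here\n")
  File.write(File.join(root, 'sub', 'dropper.txt'), "header EVIL-MARKER trailer\n")
  root
end

if __FILE__ == $0
  if ARGV.empty?
    warn "usage: #{$0} DIR   (no DIR given: scanning a constructed sample tree)"
    puts format_hits(scan_tree(build_sample_tree, build_scanner))
  else
    hits = scan_tree(ARGV[0], build_scanner)
    puts format_hits(hits)
    exit exit_status(hits)
  end
end
```

Run it with a directory argument to scan that tree; exit status 1 signals at least one match, which is what a wrapper script or CI step can key on. With no argument it scans a constructed temporary tree so the output format can be checked without real samples.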


Posted as "Installing Yara for ruby on Mac" by Hojung, 2014.12.31.