Recently I've published this post, focused on hunting malware using Volatility and YARA rules: "Malhunt: automated malware search in memory dumps".
Previously I've talked a lot about Volatility, and I've also published some articles about YARA.
Today I'd like to share a brief and simple workflow, useful for a first high-level analysis of memory dumps to search for the presence of generic malware: "Finding malware on memory dumps using Volatility and Yara rules".
If you need to generate your own rules starting from recovered evidence
YARA is a tool aimed at helping malware researchers identify and classify malware samples.
Basically, you write some antivirus-style signatures (essentially regular expressions, plus string and byte patterns) and YARA searches a binary file for them.