StreamDivert: Relaying (specific) network connections

Author: Jelle Vergeer

The first part of this blog will be the story of how this tool found its way into existence, the problems we faced and the thought process followed. The second part will be a more technical deep dive into the tool itself, how to use it, and how it works.

Storytime

About

mkYARA – Writing YARA rules for the lazy analyst

Writing YARA rules based on executable code within malware can be a tedious task. An analyst cannot simply copy and paste raw executable code into a YARA rule, because this code contains variable values, such as memory addresses and offsets. The analyst has to disassemble the code and wildcard all the pieces in the code