1
2
Fork 0
mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00

GitBook: [master] 508 pages modified

This commit is contained in:
CPol 2021-08-16 23:29:43 +00:00 committed by gitbook-bot
parent 6f14fb06e8
commit 067f37a85b
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF

View file

@ -39,6 +39,10 @@ yara -w malware_rules.yar image #Scan 1 file
yara -w malware_rules.yar folder #Scan hole fodler
```
#### YaraGen: Check for malware and Create rules
You can use the tool [**YaraGen**](https://github.com/Neo23x0/yarGen) to generate yara rules from a binary. Checkout these tutorials: [**Part 1**](https://www.nextron-systems.com/2015/02/16/write-simple-sound-yara-rules/), [**Part 2**](https://www.nextron-systems.com/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/), [**Part 3**](https://www.nextron-systems.com/2016/04/15/how-to-write-simple-but-sound-yara-rules-part-3/)
### ClamAV
#### Install
@ -55,6 +59,14 @@ clamscan filepath #Scan 1 file
clamscan folderpath #Scan the hole folder
```
### IOCs
IOC means Indicator Of Compromise. An IOC is a set of **conditions that identifies** some potentially unwanted software or a confirmed **malware**. Blue Teams use this kind of definitions to **search for this kind of malicious files** in their **systems** and **networks**.
To share these definitions is very useful as when a malware is identified in a computer and an IOC for that malware is created, other Blue Teams can use it to identify the malware faster.
A tool to create or modify IOCs is ****[**IOC Editor**](https://www.fireeye.com/services/freeware/ioc-editor.html)**.**
You can use tools such as ****[**Redline**](https://www.fireeye.com/services/freeware/redline.html) ****to search for IOCs in a device.
### rkhunter
Tools like [**rkhunter**](http://rkhunter.sourceforge.net/) can be used to check the filesystem for possible **rootkits** and malware.