YARA v4.0.0: BASE64 Strings

YARA version 4.0.0 was released.

One of its new features that caught my eye is base64 strings.

This is the example rule for the base64 modifier from YARA's documentation:

rule Base64Example1
{
    strings:
        $a = "This program cannot" base64

    condition:
        $a
}

This rule will search for ASCII strings that are possible BASE64 encodings of the ASCII string "This program cannot".
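Why there is more than one "possible" encoding, as an added Python example (not part of the original diary and not YARA's own code): the base64 text of a string depends on its byte alignment modulo 3 inside the encoded data, so a search has to cover three fragments. The function names and the sample blobs are constructed for illustration.

```python
import base64

def base64_variants(plain: bytes) -> list[str]:
    """Return the three fragments that always appear when `plain` is
    base64-encoded inside a larger buffer, one per byte alignment (0, 1, 2)."""
    variants = []
    for offset in range(3):
        # Dummy bytes stand in for whatever data precedes the string.
        padded = b"\x00" * offset + plain
        encoded = base64.b64encode(padded).decode("ascii").rstrip("=")
        # In a trailing partial group, the last character also carries bits
        # of the following (unknown) byte, so it cannot be relied on.
        if len(padded) % 3:
            encoded = encoded[:-1]
        # Leading characters that mix in bits of the preceding (unknown)
        # bytes: none at alignment 0, two at alignment 1, three at alignment 2.
        variants.append(encoded[(0, 2, 3)[offset]:])
    return variants

def find_encoded(plain: bytes, data: bytes):
    """Return (alignment, position) of the first fragment found in `data`,
    or None when no base64 form of `plain` is present."""
    for offset, fragment in enumerate(base64_variants(plain)):
        pos = data.find(fragment.encode("ascii"))
        if pos != -1:
            return offset, pos
    return None

NEEDLE = b"This program cannot"

if __name__ == "__main__":
    for fragment in base64_variants(NEEDLE):
        print(fragment)
    # Constructed sample input: the DOS stub message behind 0, 1 or 2 bytes.
    for junk in (b"", b"M", b"MZ"):
        blob = base64.b64encode(junk + NEEDLE + b" be run in DOS mode")
        print(len(junk), find_encoded(NEEDLE, blob))
```
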

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
