performing-yara-rule-development-for-detection

Featured

Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral indicators in executable files while minimizing false positives.

AI & Automation 13,115 stars 1533 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Performing YARA Rule Development for Detection ## Overview YARA is the pattern matching swiss knife for malware researchers, enabling identification and classification of malware based on textual or binary patterns. Effective YARA rules combine unique string patterns, byte sequences, PE header characteristics, import table analysis, and conditional logic to detect malware families while avoiding false positives. Modern YARA-X (rewritten in Rust, stable since June 2025) brings improved performance and new modules. Rules should target unpacked malware artifacts like hardcoded stack strings, C2 URLs, mutex names, encryption constants, and unique code sequences rather than packer signatures. ## When to Use - When conducting security assessments that involve performing yara rule development for detection - When following incident response procedures for related security events - When performing scheduled security testing or auditing activities - When validating security controls through hands-on testing ## Prerequisites - Python 3.9+ with `yara-python` library - YARA 4.5+ or YARA-X 0.10+ - PE analysis tools (`pefile`, `pestudio`) - Hex editor for identifying unique byte patterns - Access to malware samples (VirusTotal, MalwareBazaar) - Understanding of PE file format, strings, and import tables ## Key Concepts ### Rule Structure Every YARA rule consists of three sections: `meta` (optional descriptive metadata), `strings` (pattern definitions), and `condition` (matching...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

performing-threat-hunting-with-yara-rules

Use YARA pattern-matching rules to hunt for malware, suspicious files, and indicators of compromise across filesystems and memory dumps. Covers rule authoring, yara-python scanning, and integration with threat intel feeds.

13,115 Updated today
mukul975
API & Backend Solid

yara-rule-authoring

Guides authoring of high-quality YARA-X detection rules for malware identification. Use when writing, reviewing, or optimizing YARA rules. Covers naming conventions, string selection, performance optimization, migration from legacy YARA, and false positive reduction. Triggers on: YARA, YARA-X, malware detection, threat hunting, IOC, signature, crx module, dex module.

5,501 Updated 4 days ago
trailofbits
AI & Automation Featured

performing-malware-triage-with-yara

Performs rapid malware triage and classification using YARA rules to match file patterns, strings, byte sequences, and structural characteristics against known malware families and suspicious indicators. Covers rule writing, scanning, and integration with analysis pipelines. Activates for requests involving YARA rule creation, malware classification, pattern matching, sample triage, or signature-based detection.

13,115 Updated today
mukul975
AI & Automation Solid

yara-rules-skill

YARA rule creation, testing, and deployment

1,160 Updated today
a5c-ai
Data & Documents Solid

malware-analysis--sandboxing

Static and dynamic malware analysis, YARA rule generation, sandbox configuration, behavioral profiling, and malware family classification

50 Updated 2 days ago
Masriyan