Find samples containing registry run key pathways with YARA.
Detect socat with YARA.
Detect Mach-O binaries with YARA.
Getting started with YARA.
YARA Rules Index
Abusing Accessibility Features as a persistence mechanism.
Malicious LNK files.
Some notes on finding malicious Scheduled Tasks.
I was writing some PowerShell scripts to scan disks for certain types of malware and realized that Get-ChildItem was kind of slow. I googled around and found this site which demonstrated using robocopy.exe and dir as faster alternatives to Get-ChildItem. Here were the results I had searching for LNK files on my disk using both …
All about cron persistence
REVIEW: RED TEAM Operator: Windows Evasion Course by SEKTOR7 Institute.
Quick and dirty example of process enumeration using CreateToolhelp32Snapshot