YARA v4.0.0: BASE64 Strings

YARA version 4.0.0 was released.

One of its new features that caught my eye is base64 strings.

This is the example rule for the base64 modifier from YARA's documentation:

rule Base64Example1
{
    strings:
        $a = "This program cannot" base64

    condition:
        $a
}

This rule will search for ASCII strings that are possible BASE64 encodings of the ASCII string "This program cannot".

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

May 10th 2020
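
Why there is more than one "possible" BASE64 encoding, as an added Python example (not code from the diary or from YARA): the encoded form of a string depends on where it falls within BASE64's 3-byte groups, so three fragments have to be searched for. The function names and the constructed sample data are assumptions made for illustration; this mimics what the modifier looks for and is not YARA's own implementation.

```python
import base64

PLAIN = b"This program cannot"


def base64_variants(plain):
    """Return the three base64 fragments that depend only on `plain`,
    one for each position it can occupy within a 3-byte group."""
    variants = []
    for offset in range(3):
        total = offset + len(plain)
        # Dummy bytes shift `plain` to the wanted position in the group.
        encoded = base64.b64encode(b"\x00" * offset + plain).decode()
        encoded = encoded.rstrip("=")
        # Drop leading characters that contain bits of the dummy bytes.
        start = (offset * 8 + 5) // 6
        # Drop a trailing character that would also contain bits of
        # whatever byte follows `plain` in real data.
        end = (total * 8) // 6
        variants.append(encoded[start:end])
    return variants


def matching_variants(data, plain=PLAIN):
    """Return the indexes (0, 1, 2) of the fragments found in `data`."""
    text = data.decode("ascii", errors="ignore")
    return [i for i, v in enumerate(base64_variants(plain)) if v in text]


def constructed_sample(prefix_len):
    """Constructed test data: the DOS stub message preceded by
    `prefix_len` filler bytes, then base64-encoded as a whole."""
    message = b"x" * prefix_len + PLAIN + b" be run in DOS mode."
    return base64.b64encode(message)


if __name__ == "__main__":
    for i, fragment in enumerate(base64_variants(PLAIN)):
        print(i, fragment)
    for n in range(6):
        print(n, constructed_sample(n).decode(), matching_variants(constructed_sample(n)))
```

A scanner that only looked for the encoding of the string on its own would miss two out of every three placements; the unencoded string itself matches none of the fragments.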
