Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

YARA v4.0.0: BASE64 Strings

Published: 2020-05-10
Last Updated: 2020-05-10 12:21:40 UTC
by Didier Stevens (Version: 1)
0 comment(s)

YARA version 4.0.0 was released.

One of its new features that caught my eye, is base64 strings.

This is the example rule for the base64 modifier from YARA's documentation:

rule Base64Example1
        $a = "This program cannot" base64


This rule will search for ASCII strings that are possible BASE64-encodings of ASCII string "This program cannot".

Didier Stevens
Senior handler
Microsoft MVP

Keywords: base64 yara
0 comment(s)
Diary Archives