docker_file_analysis/data/generated/cheatsheets/yara.cheat

# yara
# Pattern matching tool for identifying and classifying malware using custom rules
# FOR610 Labs: 3.4 | Sections: 3
# Docs: https://docs.remnux.org/discover-the-tools/examine+static+properties/general

% pattern-matching, classification, rules

# Basic usage
yara-rules specimen.bin

# Alternative usage
yara rule.yar specimen.exe


# --- Recipes (multi-tool chains) ---

# >> Parse Cobalt Strike Beacon Configuration
# Scan with YARA for CS signatures
yara-rules <sample>
# Extract beacon configuration
1768.py <sample_or_shellcode.bin>