7 open source security tools too good to ignore

Able to detect unwelcome changes in files or match arbitrary patterns (Social Security numbers, administrative credentials, etc.) in unwelcome places (such as outgoing email attachments), Yara is a powerful tool with a seemingly endless number of uses. Signature-based detection has its limits, so relying on Yara alone to find malicious files would be a mistake. But given its versatility, leaving this tool out of your kit would be a mistake, too.

OSQuery: query the state of the system with SQL

Imagine if finding malicious processes, malicious plugins, or software vulnerabilities on your Windows, macOS, and Linux endpoints were a simple matter of writing a SQL query. That is the idea behind OSQuery, an open source tool from Facebook developers that exposes operating system information, such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events, and file hashes, as tables in a relational database. If you know how to write a SQL query, that is all you need to get answers to security questions; no complicated code is required.

For example, the following query can find all processes listening on network ports:
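The article's own query is not reproduced on this page. As an added example, not the article's code, here is one way to answer that question against osquery's real `listening_ports`, `processes` and `hash` tables, joining each listening TCP socket to the owning process and the SHA-256 of its executable so an analyst can triage unexpected listeners. The loopback filter and the column selection are this example's choices, not part of the article.

```sql
-- Added example, not from the article: every process with a listening
-- TCP socket, joined to its executable path and SHA-256.
-- Tables used: listening_ports, processes, hash (all part of osquery's schema).
SELECT DISTINCT
  p.pid,
  p.name,
  p.path,
  p.cmdline,
  l.address,
  l.port,
  h.sha256
FROM listening_ports AS l
JOIN processes AS p USING (pid)
-- The hash table needs a path constraint; the join on p.path supplies it.
LEFT JOIN hash AS h ON h.path = p.path
WHERE l.protocol = 6                            -- 6 = TCP (17 would be UDP)
  AND l.port != 0
  AND l.address NOT IN ('127.0.0.1', '::1')     -- skip loopback-only listeners
ORDER BY l.port;
```

Run it interactively in `osqueryi`, or schedule it in `osqueryd` so that new listeners show up as differential log entries; comparing the `sha256` column against an allowlist of known binaries turns this single query into a lightweight "unexpected service" detection.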
