ℹ️ This was duplicated to this blog for readability and reference
The hardest part of RMM detection is establishing the context around a tool's use: the same remote-management binary is legitimate when run by the IT team on managed hosts and malicious when an attacker uses it for persistence or hands-on-keyboard access, so the decision has to rest on who ran it, where, and how, rather than on the tool's name alone.
```java
// package me.piebridge;

import java.io.IOException;
import java.io.RandomAccessFile;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
```
This Gist has been transferred into a GitHub repo. You'll find the most recent version here.
When writing YARA rules, keep the following guidelines in mind to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.
```yaml
# Install mongodb
---
- name: Add mongo ppa key
  sudo: yes
  apt_key: >
    keyserver=hkp://keyserver.ubuntu.com:80
    id=7F0CEB10
    state=present
- name: Add mongo sources list
```
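The playbook fragment above fetches the repository signing key from a keyserver over plain HKP on port 80 and identifies it by an 8-hex-digit short key ID. Both are weak points in the software supply chain: the transport is unauthenticated, and short key IDs are cheap to collide, so a keyserver can return an attacker's key that matches `7F0CEB10` and `apt-key adv --recv` will happily import it alongside the real one. A hardened version of the same two tasks follows, written here as an added example and not part of the original playbook. It assumes placeholder values for the vendor key URL, its SHA-256 digest and the repository line (replace them with the values published on the vendor's HTTPS site), uses `become` rather than the long-deprecated `sudo` keyword, and follows the current Debian/Ubuntu guidance of keeping the key in a dedicated keyring referenced via `signed-by` instead of the system-wide `apt-key` store.

```yaml
# Hardened MongoDB repository setup (added example; all URLs and digests are placeholders).
---
- name: Ensure the keyrings directory exists
  become: yes
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"

# The key is fetched over TLS from the vendor, not from a keyserver over HKP,
# and the downloaded file is pinned to a digest recorded from the vendor's site.
# A mismatch fails the task instead of silently trusting whatever came back.
- name: Download the vendor APT signing key over HTTPS and pin its digest
  become: yes
  ansible.builtin.get_url:
    url: "https://pgp.example.invalid/mongodb-server.asc"          # placeholder URL
    dest: /etc/apt/keyrings/mongodb.asc
    mode: "0644"
    checksum: "sha256:0000000000000000000000000000000000000000000000000000000000000000"  # placeholder digest

# signed-by restricts this repository to that one keyring, so a key added
# for some other source can never validate MongoDB packages.
- name: Add mongo sources list, trusting only the pinned key
  become: yes
  ansible.builtin.apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/mongodb.asc] https://repo.example.invalid/apt/ubuntu stable main"  # placeholder repo line
    filename: mongodb
    state: present
```

If `apt_key` has to stay (older Ansible, or hosts that still rely on the global `apt-key` store), the minimum fix is to replace `keyserver=` with an HTTPS `url=` pointing at the vendor's key and to set `id=` to the full 40-hex-digit fingerprint rather than the 8-digit short ID, so the module checks that exactly that key is present after import.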