Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a running operating system.
The goal of the software is to be able to use a set of rules against collected or acquired digital forensic evidences and find installed software in a timely fashion.
The software can be used to baseline known software from Windows system and create a set of rules for finding similar installation on other systems.
sudo apt-get install build-essential libffi-dev python3 python3-dev python3-pip libfuzzy-dev
pip install ssdeep
Some tools are required on the host operating system some are Unix standard tools and some additional ones:
For the Windows virtual machine, the following software is required to be installed:
bin/OnWindows/Varclient.py
bin/OnWindows/client.py
in an executable file with PyInstaller and put in startup folderetc/allVariables.py
to match your desired configuraitonIn test/
some examples of software to install is given, the following specific format is required:
:
, or the name of the file in case of msi or exe file.:
there’s the name of the exe to extract and run it (without extension).,
follow the same system with the word installer
first and after :
the type of installer :uninstaller
follow by :
and the uninstaller like choco, msiexec or exebin/Generator.py
is the only script to run, don’t forget to update etc/allVariables.py
(critical step).Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…