Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a running operating system.
The goal of the software is to be able to use a set of rules against collected or acquired digital forensic evidences and find installed software in a timely fashion.
The software can be used to baseline known software from a Windows system and create a set of rules for finding similar installations on other systems.
Some tools are required on the host operating system; some are Unix standard tools and some are additional ones:

sudo apt-get install build-essential libffi-dev python3 python3-dev python3-pip libfuzzy-dev
pip install ssdeep

For the Windows virtual machine, the following software is required to be installed:
bin/OnWindows/Varclient.py
bin/OnWindows/client.py in an executable file with PyInstaller, put in the startup folder
etc/allVariables.py to match your desired configuration

In test/ some examples of software to install are given; the following specific format is required:
: , or the name of the file in case of an msi or exe file.
: there's the name of the exe to extract and run it (without extension).
installer: follow the same system with the word installer first and, after the colon, the type of installer.
uninstaller: followed by a colon and the uninstaller, like choco, msiexec or exe.

bin/Generator.py is the only script to run; don't forget to update etc/allVariables.py (critical step).
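The README describes baselining an installation and turning it into YARA rules that can later be run over acquired evidence. The following script is an added illustration of that idea, not code from Factual-rules-generator: it walks a directory, records the SHA-256 of every file it contains, and renders one YARA rule (using YARA's `hash` module) that fires on any scanned file byte-identical to a baselined one. The directory layout, product name and file contents are constructed for the demo; the generator's own rule layout and its ssdeep handling are not reproduced here.

```python
"""Added example (not part of Factual-rules-generator): fingerprint an installed
software tree by per-file SHA-256 and emit a YARA rule for it.

Names, paths and file bytes below are constructed for illustration only."""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, Optional


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string (what hash.sha256(0, filesize) yields in YARA)."""
    return hashlib.sha256(data).hexdigest()


def yara_identifier(name: str) -> str:
    """Turn a product name into a valid YARA rule identifier ([A-Za-z_][A-Za-z0-9_]*)."""
    ident = re.sub(r"[^A-Za-z0-9_]", "_", name)
    if not ident or not (ident[0].isalpha() or ident[0] == "_"):
        ident = "_" + ident
    return ident


def fingerprint_tree(root: Path) -> Dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    hashes: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            hashes[path.relative_to(root).as_posix()] = sha256_hex(path.read_bytes())
    return hashes


def build_rule(software: str, hashes: Dict[str, str]) -> str:
    """Render a YARA rule that is true for any scanned file byte-identical to one
    of the baselined files.  YARA evaluates a rule per scanned file, so the known
    hashes are OR-ed together; each file's relative path is kept as a comment so
    a hit can be traced back to the product that shipped it."""
    if not hashes:
        raise ValueError("no files to baseline")
    clauses = []
    for rel_path, digest in sorted(hashes.items()):
        clauses.append(
            f"        // {rel_path}\n"
            f'        hash.sha256(0, filesize) == "{digest}"'
        )
    # Escape backslashes and quotes so the product name is a valid YARA string.
    meta_name = software.replace("\\", "\\\\").replace('"', '\\"')
    return (
        'import "hash"\n\n'
        f"rule {yara_identifier(software)}_files\n"
        "{\n"
        "    meta:\n"
        f'        software = "{meta_name}"\n'
        f"        file_count = {len(hashes)}\n"
        "    condition:\n"
        + " or\n".join(clauses)
        + "\n}\n"
    )


def identify(hashes: Dict[str, str], data: bytes) -> Optional[str]:
    """Offline check of what the rule would report for one file's bytes:
    the baselined path whose hash matches, or None."""
    digest = sha256_hex(data)
    for rel_path, known in hashes.items():
        if known == digest:
            return rel_path
    return None


if __name__ == "__main__":
    # Constructed stand-in for an installation directory on the Windows guest.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ constructed sample binary")
        (root / "lib").mkdir()
        (root / "lib" / "helper.dll").write_bytes(b"MZ constructed sample library")
        baseline = fingerprint_tree(root)
        print(build_rule("Example Software 1.0", baseline))
        print(identify(baseline, b"MZ constructed sample binary"))  # bin/app.exe
```

The emitted rule can be saved and run with `yara -r rule.yar /mnt/evidence` against a mounted image; because exact hashes only catch unmodified files, a baseline like this finds untouched installations and says nothing about files that were patched, updated, or relinked, which is why the project pairs it with fuzzy (ssdeep) hashing.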