Blog

100 Days of YARA: Everything You Need to Know

one hundred days phrase made from metallic letterpress on dark jeans background

YARA is a popular and powerful tool for identifying and classifying malware. It has been in use for many years and is widely referenced by cybersecurity professionals to detect threats. In 2022, Greg Lesnewich started #100DaysofYARA, as an initiative, similar to #100DaysOfCode, to engage with YARA for the first 100 days of the year. The challenge involves contributing to the community by writing and sharing one new YARA rule each day for 100 days, either working on YARA source code and other tooling or generally helping educate folks.

The goal of the challenge is to improve participants’ YARA skills and contribute to the community’s knowledge base. By sharing rules, participants can help others identify new threats and improve their own detection capabilities. Additionally, the challenge encourages collaboration and the sharing of knowledge and ideas.

The 100 Days of YARA challenge has seen many participants from around the world, including cybersecurity professionals, students, and hobbyists. Some notable participants in the challenge include:

  1. Greg Lesnewich – Inspired by Google’s 100 days of code, #100DaysofYARA challenge is the brain child of Greg who launched and completed his 100 days in 2022.
  2. Wesley Shields – Wesley is the creator and owner of the 100DaysofYARA GitHub account, providing a great place for YARA resources created and shared during the challenge. You can check out the newest repository from this year here: https://github.com/100DaysofYARA/2023
  3. Steve “YARA” Miller – Works on the threat intelligence team at Microsoft and is an avid contributor to the YARA community. He has presented multiple endeavors to help the YARA community improve their understanding of the tool, including scripts to better understand YARA string mutations, and other concepts.
  4. Florian Roth – Florian is the founder of Nextron Systems, a cybersecurity company that specializes in incident response and threat intelligence. He is also a YARA expert and has written several books on the topic. Florian has been a key participant in the 100 Days of YARA challenge, sharing his expertise and knowledge with the community.
  5. John Hammond – John is a cybersecurity researcher and content creator who is known for his YouTube channel, which features videos on cybersecurity topics. He is also a key participant in the 100 Days of YARA challenge, sharing his YARA rules and knowledge with the community.
  6. Vitali Kremez – In memoriam, Vitali was a cybersecurity researcher and intelligence analyst who specialized in malware analysis and threat intelligence. He was also a YARA expert and authored several articles and books on the topic. Vitali had been a key participant in the 100 Days of YARA challenge, generously sharing his expertise and knowledge with the community before his untimely passing.
  7. Pedro Matias – Pedro is a cybersecurity professional and YARA expert who has worked for several companies and organizations, including the European Union Agency for Cybersecurity. He has also written several books and articles on YARA and is a key participant in the 100 Days of YARA challenge.
  8. Liam O’Murchu – Liam is the Director of Development for Security Technology and Response at Symantec, a cybersecurity company. He is also a YARA expert and has written several articles and books on the topic. Liam has been a key participant in the 100 Days of YARA challenge, sharing his expertise and knowledge with the community.

These are just a few of the many participants in the 100 Days of YARA challenge. The challenge has seen participation from people of all skill levels and backgrounds, making it a truly inclusive and collaborative effort. By working together and sharing their knowledge and expertise, participants in the challenge help make the cybersecurity community stronger and more effective in the fight against malware and other threats.

If you’re interested in participating in the 100 Days of YARA challenge, there are a few things you can do to get started. First, familiarize yourself with YARA and its capabilities. There are many resources available online, including books, articles, and tutorials. Once you feel comfortable with YARA, start writing your own rules and share them with the community. Don’t be afraid to ask for feedback or collaborate with others – the YARA community is very supportive and is always willing to help. And most importantly, have fun and enjoy the challenge!

If you’re looking to build your own rules, or gain a better understanding of the capabilities of YARA, InQuest has created many resources to help you get started and explore the world of building YARA rules. If you’re interested in learning more about YARA, we currently have multiple open-source repositories and resources containing custom rules.

100 Days of YARA Participants | 2023

A ? indicates completion of the challenge… if your name or trophy is missing from this list, please let us know by emailing [email protected].

NameLink(s)Rule(s)
? JohnTwitter: https://twitter.com/BitsOfBinary
GitHub: https://github.com/BitsOfBinary
1. https://github.com/100DaysofYARA/2023/
tree/main/bitsofbinary
? Daniel StinsonTwitter: https://twitter.com/shellcromancer
GitHub: https://github.com/shellcromancer
1. https://shellcromancer.io/posts/
100-days-of-yara-later/
2. https://github.com/100DaysofYARA/2023/
tree/main/shellcromancer
Paul MelsonTwitter: https://twitter.com/pmelson1. https://github.com/pmelson/yara_rules/blob/
master/pngrules.yara
Alex HegyiTwitter: https://twitter.com/threathog1. https://twitter.com/threathog/status/
1644402689537896449
Twitter: https://twitter.com/notareverser
GitHub: https://github.com/notareverser
1. https://twitter.com/notareverser/status/
1619013091769077760
Twitter: https://twitter.com/c3rb3ru5d3d53c
GitHub: https://github.com/c3rb3ru5d3d53c
1. https://twitter.com/c3rb3ru5d3d53c/status/
1631479244273463297
Steve MillerTwitter: https://twitter.com/stvemillertime
GitHub: https://github.com/stvemillertime
1. https://twitter.com/stvemillertime/status/
1642261639951990786
2. https://github.com/100DaysofYARA/2023/
tree/main/stvemillertime
Twitter: https://twitter.com/cyberpu722806481. https://twitter.com/cyberpu72280648/status/
1646028203620990976
Twitter: https://twitter.com/Qutluch
GitHub: https://github.com/schrodyn
1. https://gist.github.com/schrodyn/
9d8ebbf7c07db779c7b55d403ca6267a
2. https://gist.github.com/schrodyn/
45eab4f9229f116e2cfd2c427a84fdd6
Greg LesnewichTwitter: https://twitter.com/greglesnewich GitHub: https://github.com/glesnewichpfpt1. https://twitter.com/greglesnewich/status/
1638880774706593792
2. https://github.com/100DaysofYARA/2023/
tree/main/glesnewich
Twitter: https://twitter.com/bintelbot1. https://twitter.com/bintelbot/status/
1614667163868053504
Twitter: https://twitter.com/Vert1cal_
Wesley ShieldsTwitter: https://twitter.com/wxs
GitHub: https://github.com/wxsBSD
1. https://github.com/100DaysofYARA/
2023/tree/main/wxs
Josh StroscheinTwitter: https://twitter.com/jstrosch
Silas CutlerTwitter: https://twitter.com/silascutler
GitHub: https://github.com/silascutler/
1. https://github.com/silascutler/2023/blob/
main/silas/MAL_MEM_ArkeiStealer.yar
2.https://github.com/silascutler/2023/blob/main/silas/
MAL_PY_PyPi_PoweRAT_Loader.yar
3. https://github.com/100DaysofYARA/
2023/tree/main/silas
Daniel MayerTwitter: https://twitter.com/dan__mayer
GitHub: https://github.com/MayerDaniel
1. https://github.com/100DaysofYARA/
2023/tree/main/dan
Albert ZsigovitsTwitter: https://twitter.com/albertzsigovits
GitHub: https://github.com/albertzsigovits
1. malware-yara
Twitter: https://twitter.com/dr4k0nia
GitHub: https://github.com/dr4k0nia
1. yara-rules
Jeremy BrownTwitter: https://twitter.com/alteredbytes
GitHub: https://github.com/trinity-jbrown
1. https://github.com/100DaysofYARA/2023/
tree/main/alteredbytes
StevenGitHub: https://github.com/malvidin1. https://github.com/100DaysofYARA/2023/
tree/main/malvidin

100 Days of YARA Participants | 2022

NameLink(s)Rule(s)
? Greg LesnewichTwitter: https://twitter.com/greglesnewich
GitHub: https://github.com/glesnewichpfpt
1. https://github.com/100DaysofYARA/2022/blob/main/glesnewich/
APT_NK_UNC4034_TrojanizedPutty_BLINDINGCAN.yar
ChrisTwitter: https://twitter.com/cbecks_2
GitHub: https://github.com/cbecks2
1. https://github.com/100DaysofYARA/2022/blob/
main/cbecks2/apfell_mythic.yar
2. https://github.com/100DaysofYARA/2022/blob/
main/cbecks2/bifrost.yar

Free Email Hygiene Analysis

Solid email security begins with proper email hygiene. There are a variety of email hygiene technologies and wrapping one’s head around them all is challenging. Try our complimentary Email Hygiene Analysis and receive an instant report about your company’s security posture including a simple rating with iterative guidance, as well as a comparison against the Fortune 500. Try it today!

Free Email Hygiene Analysis