Update procmem_yara.py #426
Conversation
Thanks. The problem with exposing strings is that it helps in leaks of private YARA; we need to add some configuration for that first.
Yeah, that makes sense. So you mean a parameter to expose strings or not? I can definitely change the code to reflect that. I think you mean more like a configuration to know which ones not to expose; if that's the case, then let me know if I can help in any way.
Yes, I just need to think about how to properly handle that. Not sure if we should just add a conf option, read it in the sig and put it under an if; what do you think? Plus, which config should we use?
I think it would be ideal to have an optional private field/conf option in the sigs themselves which are to be private, and have the procmem_yara rule look for this field and not expose if it's private, instead of having the procmem_yara rule be an on/off feature. I will make the change. Thanks for the feedback!
It's about the string field, not sig on/off.
Yes, correct. What I meant was that either no strings or strings should not be enabled/disabled for everything, but be a rule-specific behavior which is controlled (checked) via procmem_yara.
No description provided.
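The thread above settles on a per-rule decision rather than a global on/off switch: a signature marks itself private (or is listed in a config option), and the procmem YARA reporting code drops the matched strings for that rule while still reporting the hit. The following is an added example of that filtering logic; it is not code from this PR or from the project. It assumes a hypothetical match shape (a dict with `rule`, `meta` and `strings`, modeled on what yara-python exposes), a hypothetical meta field `private_strings = true` as the in-rule opt-out, and a hypothetical config-level set of rule names as the second opt-out channel; the sample matches are constructed.

```python
"""
Added example (not the project's or the PR's code): per-rule control over
whether a procmem YARA match reports its matched strings.

Assumptions (hypothetical, not taken from the PR):
  * each match is a dict {"rule", "meta", "strings"} shaped after the
    fields yara-python's Match objects expose;
  * a rule opts out of string exposure with a meta field
    `private_strings = true`, or by being named in a config-level set.
"""
from typing import Dict, Iterable, List

# Constructed sample of what a process-memory YARA scan might return.
SAMPLE_MATCHES = [
    {
        "rule": "Generic_Downloader",
        "meta": {"author": "public"},
        "strings": [(0x10, "$url", b"http://"), (0x40, "$exe", b".exe")],
    },
    {
        # Opts out via the (assumed) meta field.
        "rule": "Customer_Private_Detection",
        "meta": {"private_strings": True},
        "strings": [(0x200, "$secret", b"SECRETMARKER")],
    },
    {
        # Opts out only if listed in the config set.
        "rule": "Cfg_Hidden",
        "meta": {},
        "strings": [(0x300, "$a", b"hidden")],
    },
]


def rule_is_private(match: Dict, config_private: Iterable[str]) -> bool:
    """A rule is private if its meta says so or the config lists it."""
    meta_flag = match.get("meta", {}).get("private_strings", False)
    # YARA meta values may arrive as bool or as a string; accept both.
    if isinstance(meta_flag, str):
        meta_flag = meta_flag.strip().lower() in ("1", "true", "yes")
    return bool(meta_flag) or match["rule"] in set(config_private)


def report_matches(matches: Iterable[Dict],
                   config_private: Iterable[str] = ()) -> List[Dict]:
    """Build report entries; the hit is always reported, the strings only
    when the rule is not private, so a private rule leaks neither its
    string identifiers nor the bytes they matched."""
    out = []
    for m in matches:
        entry = {"rule": m["rule"], "meta": dict(m.get("meta", {}))}
        if rule_is_private(m, config_private):
            entry["strings"] = []
            entry["strings_redacted"] = True
        else:
            entry["strings"] = [
                {"offset": off, "identifier": ident,
                 "data": data.decode("latin-1", "replace")}
                for off, ident, data in m.get("strings", [])
            ]
            entry["strings_redacted"] = False
        out.append(entry)
    return out


if __name__ == "__main__":
    import json
    print(json.dumps(report_matches(SAMPLE_MATCHES, {"Cfg_Hidden"}), indent=2))
```

Keeping the rule name and meta in the report while emptying `strings` preserves the detection signal for the analyst; the `strings_redacted` flag makes the omission explicit so a missing strings list is not mistaken for a rule that matched on conditions alone.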