Starting Your Yara Rule With a Wild Card

Posted: September 22nd, 2012 | Filed under: IT Related

I worked on an update of the BlackHole rule yesterday, after seeing new patterns appear in BlackHole 2 which are different compared to the initial release of BlackHole 2. Samples were downloaded from MalwareDomainList and Contagiodump.

These new changes require me to use extreme regex for the detection. I accidentally started one of the regexes with a wild card and, on the dry run test, I was very disappointed with the performance. Let's see the time taken:

After performing some tweaks to the regex, here is the screenshot of the time taken:

What a difference!!

As for advice, please read the Yara PerformanceGuidelines documentation to get the best performance for your rule.

For MyYaraSIG members, you may refer to commit 8b12d51463
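One way to catch this before the dry run is a text-level check over the rule file. The following is an added example, not code from this post or from the MyYaraSIG repository: the rule strings are constructed, the function name `find_leading_wildcards` is hypothetical, and the check is a simple lint pass rather than a full YARA parser.

```python
import re

# Constructed rule text; the strings are hypothetical, not the MyYaraSIG BlackHole rule.
SAMPLE_RULE = r'''
rule demo_landing_page
{
    strings:
        $slow_a = /.*\.php\?[a-z]{2,8}=[0-9a-f]{16}/
        $slow_b = /.{0,40}document\.write\(/ nocase
        $slow_c = /[^"]+\/main\.php/
        $ok_a   = /\/main\.php\?[a-z]{2,8}=[0-9a-f]{16}/
        $ok_b   = /document\.write\(.{0,40}\)/ nocase
        $text   = ".*not a regex"
    condition:
        any of them
}
'''

# "$name = /body/": the body may contain escaped slashes (\/).
REGEX_DEF = re.compile(r'^\s*(\$\w*)\s*=\s*/((?:\\.|[^/\\\n])+)/', re.MULTILINE)

# A leading token that matches a broad class of bytes: ".", a class escape
# such as \S or \w, or a negated set, with or without a quantifier after it.
# Opening parentheses in front of the token are skipped.
LEADING_WILDCARD = re.compile(r'\(*(?:\.|\\[SWDw]|\[\^(?:\\.|[^\]\\])*\])'
                              r'(?:[*+?]|\{\d*(?:,\d*)?\})?')

def find_leading_wildcards(rule_text):
    """Return [(string_id, leading_token)] for regex strings that start with a wildcard."""
    findings = []
    for name, body in REGEX_DEF.findall(rule_text):
        match = LEADING_WILDCARD.match(body)
        if match:
            findings.append((name, match.group(0)))
    return findings

if __name__ == "__main__":
    for name, token in find_leading_wildcards(SAMPLE_RULE):
        print(f"{name}: starts with {token!r}; anchor it on a fixed byte sequence instead")
```

The `$ok_a` and `$ok_b` strings show the usual fix: lead with fixed bytes and move any wildcard to the middle or end of the regex.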



Btw, don’t you wanna know the detection rate on VirusTotal? 🙂

MySQLTuner : High-performance MySQL optimization script

Posted: November 9th, 2010 | Filed under: IT Related

MySQLTuner is a script written in Perl that will assist you with your MySQL configuration and make recommendations for increased performance and stability. Within seconds, it will display statistics about your MySQL installation and the areas where it can be improved.

It’s key to remember that MySQLTuner is a script which can assist you with your server, but it is not the solution to a badly performing MySQL server. The best performance gains come from a thorough review of the queries sent to the server, and an evaluation of the MySQL server itself. A qualified developer in your application’s programming or scripting language should be able to work with a MySQL database administrator to find improvements for your server. Once the server and application are optimized well, you may need to consider hardware upgrades to the physical server itself.


Seriously, it would increase your MySQL performance and save you time!