โŒ

Normal view

Fara: Faux YARA

By: Bart
4 December 2023 at 20:09

FARA, or Faux YARA, is a simple repository that contains a set of purposefully erroneous Yara rules. It is meant as a training vehicle for new security analysts, those who are new to Yara, and even Yara veterans who want to keep their rule writing (and debugging) sharp.


Example "faux" rule


Find it over on Github:

https://github.com/bartblaze/FARA


Yara rules collection

By: Bart
10 December 2022 at 16:20

Quite a while ago, I published some of my private Yara rules online, on Github.

They can be found here:

https://github.com/bartblaze/Yara-rules

There are two workflows running on that Github repository:

  • YARA-CI: runs automatically to detect signature errors, as well as false positives and negatives.
  • Package Yara rules: allows download of a complete rules file (all Yara rules from this repo in one file) for convenience from the Actions tab > Artifacts (see image below).

image

The Yara rules are divided into:

  • APT
  • Crimeware
  • Generic
  • Hacktools
  • Ransomware

Furthermore, the rules work natively with AssemblyLine because they adopt the CCCS Yara rule standard.

PRs are welcome where you see fit.

โŒ