Becoming the YARA Hunter

Presented at SAINTCON 2019, Oct. 22, 2019, 1 p.m. (240 minutes)

**Training is limited to 40 people. Training is first come first serve!!!** YARA is a free and open source pattern matching tool for hunting threats, malware, or other specific patterns in files. It is used by a large majority of security vendors and is baked into many security products. This course takes the beginner from writing their first YARA rule to hunting and categorizing target malware families. We'll discuss what makes a weak signature vs what makes a great signature that can find new threat variants even before your security products do. We'll also show where you can already start using YARA rules, including open source and commercial products that have YARA builtin. If you're new to YARA and want to step up your threat hunting this course is for you! **Training is limited to 40 people. Training is first come first serve!!!**

Presenters:

• Waylon Grange - Stage 2 Security
  Waylon Grange is an experienced reverse engineer, developer, and security researcher. He holds a graduate degree in Information Security from Johns Hopkins University, and has worked numerous computer incident investigations spanning the globe. He has presented at many security conferences such as Black Hat, DEFCON, RSA, and others. Prior to Stage 2 Security he worked for Symantec as a Senior Threat Researcher, and the Department of Defense performing vulnerability research, software development, and Computer Network Operations.

Links:

• https://saintcon2019.sched.com/event/W6VJ/becoming-the-yara-hunter

Similar Presentations:

• DerbyCon 6.0 Recharge (2016) / Yara Rule QA: Can’t I Write Code to do This for Me?
• SAINTCON 2019 / Privacy Workshop Training
• BSidesDC 2017 / Effective YARA (CLASS)